Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8c54767 by Salvatore Bonaccorso at 2018-01-10T06:13:14+01:00

Adjust status for CVE-2018-4868/exiv2

The assessment with unimportant was incorrect after short discussion with team members. Rather since issue present, mark it as no-dsa still being a minor issue. Cf. as well the discussion from upstream in https://github.com/Exiv2/exiv2/issues/202

- - - - -

1 changed file:
- data/CVE/list

Changes:

===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -956,7 +956,9 @@ CVE-2018-4870 CVE-2018-4869 RESERVED CVE-2018-4868 (** DISPUTED ** The Exiv2::Jp2Image::readMetadata function in ...) - - exiv2 <unfixed> (unimportant) + - exiv2 <unfixed> + [stretch] - exiv2 <no-dsa> (Minor issue) + [jessie] - exiv2 <no-dsa> (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/202 CVE-2017-1000500 (Keycloak SSO versions prior to 2.x are vulnerable to Host Header ...) NOT-FOR-US: Keycloak

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8c54767c7f73d24cff312ebf56a10097fea8a71
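
Review bot: the two added lines for [stretch] and [jessie] give only "(Minor issue)" as the no-dsa reason, so the reasoning for dropping "(unimportant)" from the `- exiv2 <unfixed>` line is recorded in the commit message alone. The CVE description still carries the ** DISPUTED ** label, so a reader of data/CVE/list sees a disputed entry that is nevertheless tracked as unfixed with nothing in the file explaining why. I would add a short NOTE line beside the existing `NOTE: https://github.com/Exiv2/exiv2/issues/202` stating that the issue is present and why it is rated minor, so the rationale stays with the entry.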