Reserve DLA-3186-1 for exiv2

3 files changed, 4 insertions, 5 deletions

diff --git a/data/CVE/list b/data/CVE/list
index 95f62e8143..98bfbf63fa 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -241631,7 +241631,7 @@ CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to
 	NOTE: https://github.com/Exiv2/exiv2/issues/793
 CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...)
 	- exiv2 0.27.2-6 (unimportant)
-        [buster] - exiv2 <not-affected> (Vulnerable code introduced later)
+	[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933
 	NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
 	NOTE: https://github.com/Exiv2/exiv2/issues/841
diff --git a/data/DLA/list b/data/DLA/list
index 58c1e21c43..f96d9b5880 100644
--- a/data/DLA/list
+++ b/data/DLA/list
@@ -1,3 +1,6 @@
+[10 Nov 2022] DLA-3186-1 exiv2 - security update
+	{CVE-2017-11683 CVE-2020-19716 CVE-2022-3756}
+	[buster] - exiv2 0.25-4+deb10u3
 [10 Nov 2022] DLA-3185-1 xorg-server - security update
 	{CVE-2022-3550 CVE-2022-3551}
 	[buster] - xorg-server 2:1.20.4-1+deb10u6
diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 70797c1b12..81ee70b27f 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -44,10 +44,6 @@ curl (Emilio)
 dropbear (Utkarsh)
   NOTE: 20221027: Programming language: C.
 --
-exiv2 (Dominik George)
-  NOTE: 20220819: Programming language: C++.
-  NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb)
---
 firmware-nonfree
   NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it.
 --