author | Dominik George <natureshadow@debian.org> | 2022-11-10 15:37:49 +0100 |
---|---|---|
committer | Dominik George <natureshadow@debian.org> | 2022-11-10 15:37:49 +0100 |
commit | cc35d972357a33295e50c9f527ec258d578b18a8 (patch) | |
tree | 424df8852c842d3d5e6a3e4966caa58f572d5bbd | |
parent | 98d845606fc362a45133492aff74fd03ce7097eb (diff) |
Reserve DLA-3186-1 for exiv2
-rw-r--r-- | data/CVE/list | 2 |
-rw-r--r-- | data/DLA/list | 3 |
-rw-r--r-- | data/dla-needed.txt | 4 |
3 files changed, 4 insertions, 5 deletions
diff --git a/data/CVE/list b/data/CVE/list index 95f62e8143..98bfbf63fa 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -241631,7 +241631,7 @@ CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to NOTE: https://github.com/Exiv2/exiv2/issues/793 CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...) - exiv2 0.27.2-6 (unimportant) - [buster] - exiv2 <not-affected> (Vulnerable code introduced later) + [buster] - exiv2 <not-affected> (Vulnerable code introduced later) NOTE: https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933 NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72 NOTE: https://github.com/Exiv2/exiv2/issues/841 diff --git a/data/DLA/list b/data/DLA/list index 58c1e21c43..f96d9b5880 100644 --- a/data/DLA/list +++ b/data/DLA/list @@ -1,3 +1,6 @@ +[10 Nov 2022] DLA-3186-1 exiv2 - security update + {CVE-2017-11683 CVE-2020-19716 CVE-2022-3756} + [buster] - exiv2 0.25-4+deb10u3 [10 Nov 2022] DLA-3185-1 xorg-server - security update {CVE-2022-3550 CVE-2022-3551} [buster] - xorg-server 2:1.20.4-1+deb10u6 diff --git a/data/dla-needed.txt b/data/dla-needed.txt index 70797c1b12..81ee70b27f 100644 --- a/data/dla-needed.txt +++ b/data/dla-needed.txt @@ -44,10 +44,6 @@ curl (Emilio) dropbear (Utkarsh) NOTE: 20221027: Programming language: C. -- -exiv2 (Dominik George) - NOTE: 20220819: Programming language: C++. - NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb) --- firmware-nonfree NOTE: 20220906: Consider to check the severity of the issues again and judge whether a correction is worth it. -- |
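Review bot: In the data/CVE/list hunk, the removed and added `[buster] - exiv2 <not-affected> (Vulnerable code introduced later)` lines under CVE-2019-13113 read identically as shown, so this looks like a whitespace-only change that is unrelated to reserving DLA-3186-1. CVE-2019-13113 is also not among the CVEs listed for the new DLA entry. Either drop this line from the commit or move it to its own commit whose subject says it is an indentation fix, so the history of that CVE entry stays easy to follow.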
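Review bot: The data/dla-needed.txt hunk deletes the exiv2 entry together with the 20220819 note from Chris Lamb that upstream commit 109d5df7abd329f141b500c92a00178d35a6bef3 "does not directly apply" but that "the earlier code may be equally vulnerable", and neither the commit message nor the new DLA-3186-1 entry says how that question was settled. Once the entry is removed, the concern is no longer recorded in this file. Please state in the commit message, or in a NOTE on the relevant CVE entry, whether the buster code was checked against that commit and whether a fix for it is part of 0.25-4+deb10u3.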