author | Moritz Muehlenhoff <jmm@debian.org> | 2020-01-28 07:17:48 -0800 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2020-01-28 07:17:48 -0800 |
commit | c9a536473d3a816e19249ead672c2ffc4945650f (patch) | |
tree | 0746e8092dcadc556f3ca5ddcd20b30b026c4259 /data/CVE/list | |
parent | 1615f2e6a0499d9e6b9bacdf04083e6435191a12 (diff) |
exiv2 fixes
Diffstat (limited to 'data/CVE/list')
-rw-r--r-- | data/CVE/list | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/data/CVE/list b/data/CVE/list index 23797a3e72..078006ab6b 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -38038,39 +38038,38 @@ CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchang NOTE: https://blog.semmle.com/libssh2-integer-overflow/ NOTE: https://github.com/libssh2/libssh2/pull/350 CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...) - - exiv2 <unfixed> (low) + - exiv2 0.27.2-6 (low) [buster] - exiv2 <ignored> (Minor issue) [stretch] - exiv2 <ignored> (Minor issue) [jessie] - exiv2 <not-affected> (HTTP support yet added in 0.25) NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72 NOTE: https://github.com/Exiv2/exiv2/issues/793 CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...) - - exiv2 <unfixed> (unimportant) + - exiv2 0.27.2-6 (unimportant) NOTE: https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933 NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72 NOTE: https://github.com/Exiv2/exiv2/issues/841 NOTE: Negligible security impact CVE-2019-13112 (A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 ...) - - exiv2 <unfixed> (low) + - exiv2 0.27.2-6 (low) [buster] - exiv2 <ignored> (Minor issue) [stretch] - exiv2 <ignored> (Minor issue) [jessie] - exiv2 <ignored> (Minor issue, clean exception / local DoS) NOTE: https://github.com/Exiv2/exiv2/commit/1ed1e03c83802547585833fa9d4433af94798778 NOTE: https://github.com/Exiv2/exiv2/issues/845 CVE-2019-13111 (A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 all ...) - [experimental] - exiv2 <unfixed> - - exiv2 <not-affected> (Vulnerable code introduced later) + - exiv2 <not-affected> (Only affected 0.27, vulnerable versions were only in experimental) NOTE: https://github.com/Exiv2/exiv2/issues/791 NOTE: https://github.com/Exiv2/exiv2/pull/797/commits CVE-2019-13110 (A CiffDirectory::readDirectory integer overflow and out-of-bounds read ...) 
- - exiv2 <unfixed> (low) + - exiv2 0.27.2-6 (low) [buster] - exiv2 <ignored> (Minor issue) [stretch] - exiv2 <ignored> (Minor issue) [jessie] - exiv2 <ignored> (Minor issue, read segfault) NOTE: https://github.com/Exiv2/exiv2/issues/843 NOTE: https://github.com/Exiv2/exiv2/commit/9628f82084ed30d494ddd4f7360d233801e22967 CVE-2019-13109 (An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...) - - exiv2 <unfixed> (low) + - exiv2 0.27.2-6 (low) [buster] - exiv2 <ignored> (Minor issue) [stretch] - exiv2 <ignored> (Minor issue) [jessie] - exiv2 <not-affected> (ICC-specific support added in 0.26, PoC doesn't crash) |
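Review bot: In the CVE-2019-13111 entry, the new annotation "Only affected 0.27, vulnerable versions were only in experimental" is ambiguous, because the neighbouring entries in this same hunk now record 0.27.2-6 as the fixed version, and that is itself a 0.27.x upload. The CVE description in the context line reads "through 0.27.1", so the annotation would be clearer if it named that bound, so that nobody reading the list takes 0.27.2-6 to fall inside the affected range. The same entry also drops the `[experimental] - exiv2 <unfixed>` line, which is why the diffstat shows 7 deletions against 6 insertions; the commit message "exiv2 fixes" does not mention that removal, and a short line saying the experimental entry was retired on purpose would make the change easier to audit later.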