diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-30 13:04:42 +0100 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-01-30 13:04:42 +0100 |
commit | 2ca6b74b34179ff11d059ef305db7083589a3aec (patch) | |
tree | 590392d1b42a7805de98cddbd10fc36c12b30ae4 | |
parent | 0d53087f4209ff0543f51b4f58e7b43f573d425d (diff) |
Update tracking for CVE-2017-14858/exiv2
-rw-r--r-- | data/CVE/list.2017 | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 57e152d06f..635f57bcff 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -11227,12 +11227,9 @@ CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::S NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1). NOTE: Reproducible in experimental(0.26-1). CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...) - [experimental] - exiv2 <unfixed> (bug #897134) - - exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles yet) + - exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles; only affected experimental; bug #897134) NOTE: https://github.com/Exiv2/exiv2/issues/138 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782 - NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1). - NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out)) CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...) [experimental] - exiv2 <unfixed> (low; bug #888869) - exiv2 <not-affected> (Vulnerable code not present) |