author Moritz Muehlenhoff <jmm@debian.org> 2020-01-28 07:17:48 -0800
committer Moritz Muehlenhoff <jmm@debian.org> 2020-01-28 07:17:48 -0800
commit 73bcf4ab39b978645cdf03ec512edf28a30dbf60
tree 49b2516ac4abb0d16e929f9d3714d4a46e5841e1
parent 482d806515c59670523f139531c8fb1f622957fb
exiv2 fixes
-rw-r--r-- data/CVE/list.2019 13
1 files changed, 6 insertions, 7 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 923dbdc83a..58c6b5a15b 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -18418,39 +18418,38 @@ CVE-2019-13115 (In libssh2 before 1.9.0, kex_method_diffie_hellman_group_exchang
NOTE: https://blog.semmle.com/libssh2-integer-overflow/
NOTE: https://github.com/libssh2/libssh2/pull/350
CVE-2019-13114 (http.c in Exiv2 through 0.27.1 allows a malicious http server to cause ...)
- - exiv2 <unfixed> (low)
+ - exiv2 0.27.2-6 (low)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <not-affected> (HTTP support yet added in 0.25)
NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
NOTE: https://github.com/Exiv2/exiv2/issues/793
CVE-2019-13113 (Exiv2 through 0.27.1 allows an attacker to cause a denial of service ( ...)
- - exiv2 <unfixed> (unimportant)
+ - exiv2 0.27.2-6 (unimportant)
NOTE: https://github.com/Exiv2/exiv2/commit/6212806b7637be683a56c769a8d905153996d933
NOTE: https://github.com/Exiv2/exiv2/commit/ccde30afa8ca787a3fe17388a15977f107a53b72
NOTE: https://github.com/Exiv2/exiv2/issues/841
NOTE: Negligible security impact
CVE-2019-13112 (A PngChunk::parseChunkContent uncontrolled memory allocation in Exiv2 ...)
- - exiv2 <unfixed> (low)
+ - exiv2 0.27.2-6 (low)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue, clean exception / local DoS)
NOTE: https://github.com/Exiv2/exiv2/commit/1ed1e03c83802547585833fa9d4433af94798778
NOTE: https://github.com/Exiv2/exiv2/issues/845
CVE-2019-13111 (A WebPImage::decodeChunks integer overflow in Exiv2 through 0.27.1 all ...)
- [experimental] - exiv2 <unfixed>
- - exiv2 <not-affected> (Vulnerable code introduced later)
+ - exiv2 <not-affected> (Only affected 0.27, vulnerable versions were only in experimental)
NOTE: https://github.com/Exiv2/exiv2/issues/791
NOTE: https://github.com/Exiv2/exiv2/pull/797/commits
CVE-2019-13110 (A CiffDirectory::readDirectory integer overflow and out-of-bounds read ...)
- - exiv2 <unfixed> (low)
+ - exiv2 0.27.2-6 (low)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <ignored> (Minor issue, read segfault)
NOTE: https://github.com/Exiv2/exiv2/issues/843
NOTE: https://github.com/Exiv2/exiv2/commit/9628f82084ed30d494ddd4f7360d233801e22967
CVE-2019-13109 (An integer overflow in Exiv2 through 0.27.1 allows an attacker to caus ...)
- - exiv2 <unfixed> (low)
+ - exiv2 0.27.2-6 (low)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
[jessie] - exiv2 <not-affected> (ICC-specific support added in 0.26, PoC doesn't crash)
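Review bot: The new note on the CVE-2019-13111 entry, "Only affected 0.27, vulnerable versions were only in experimental", is ambiguous next to the other entries in this hunk, which record 0.27.2-6 (itself a 0.27.x release) as the fixed version. Read literally, "Only affected 0.27" covers that version too, yet the entry is marked `<not-affected>`. The CVE description on the same entry says "through 0.27.1", so the note would be clearer if it named that range, for example "Only affected 0.27 through 0.27.1, which were only in experimental". The commit message "exiv2 fixes" also does not mention that this entry is a triage change rather than a fixed-version update like the other five; a short mention would make the history easier to follow.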
