From feb5955b387e4abe549014e5015f783d3179025e Mon Sep 17 00:00:00 2001 From: Moritz Muehlenhoff Date: Wed, 29 Jan 2020 10:36:25 -0800 Subject: exiv2 fixed NFUs --- data/CVE/list.2018 | 18 +++++++++--------- data/CVE/list.2020 | 10 ++++++++++ 2 files changed, 19 insertions(+), 9 deletions(-) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index 5828f756f5..7012eb071d 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -2894,8 +2894,8 @@ CVE-2018-20098 (There is a heap-based buffer over-read in Exiv2::Jp2Image::encod CVE-2018-20097 (There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroup ...) {DLA-1691-1} - exiv2 (low) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (Minor issue) + [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/590 NOTE: https://github.com/Exiv2/exiv2/commit/203ab0db28c9666b16069d4056ac5f66f753a51d CVE-2018-20096 (There is a heap-based buffer over-read in the Exiv2::tEXtToDataBuf fun ...) @@ -4502,8 +4502,8 @@ CVE-2018-19536 CVE-2018-19535 (In Exiv2 0.26 and previous versions, PngChunk::readRawProfile in pngch ...) {DLA-1691-1} - exiv2 (bug #915135) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (Minor issue) + [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/428 NOTE: https://github.com/Exiv2/exiv2/pull/430 CVE-2018-19534 @@ -5646,8 +5646,8 @@ CVE-2018-19109 (tianti 2.3 allows remote authenticated users to bypass intended CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in the PS ...) {DLA-1691-1} - exiv2 (bug #913272) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (Minor issue) + [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/426 NOTE: https://github.com/Exiv2/exiv2/pull/518 NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b 
@@ -5655,8 +5655,8 @@ CVE-2018-19108 (In Exiv2 0.26, Exiv2::PsdImage::readMetadata in psdimage.cpp in CVE-2018-19107 (In Exiv2 0.26, Exiv2::IptcParser::decode in iptc.cpp (called from psdi ...) {DLA-1691-1} - exiv2 (bug #913273) - [buster] - exiv2 (Minor issue) - [stretch] - exiv2 (Minor issue) + [buster] - exiv2 (Minor issue) + [stretch] - exiv2 (Minor issue) NOTE: https://github.com/Exiv2/exiv2/issues/427 NOTE: https://github.com/Exiv2/exiv2/pull/518 NOTE: https://github.com/Exiv2/exiv2/commit/68966932510213b5656fcf433ab6d7e26f48e23b @@ -31960,7 +31960,7 @@ CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in c - exiv2 (Vulnerable code introduced after 0.25) NOTE: https://github.com/Exiv2/exiv2/issues/247 CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...) - - exiv2 (low; bug #903813) + - exiv2 0.27.2-6 (low; bug #903813) [buster] - exiv2 (Minor issue) [stretch] - exiv2 (Minor issue) [jessie] - exiv2 (Minor issue) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 5b09726ff9..b93efbc83e 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -12877,24 +12877,34 @@ CVE-2020-2109 RESERVED CVE-2020-2108 RESERVED + NOT-FOR-US: Jenkins plugin CVE-2020-2107 RESERVED + NOT-FOR-US: Jenkins plugin CVE-2020-2106 RESERVED + NOT-FOR-US: Jenkins plugin CVE-2020-2105 RESERVED + NOT-FOR-US: Jenkins CVE-2020-2104 RESERVED + NOT-FOR-US: Jenkins CVE-2020-2103 RESERVED + NOT-FOR-US: Jenkins CVE-2020-2102 RESERVED + NOT-FOR-US: Jenkins CVE-2020-2101 RESERVED + NOT-FOR-US: Jenkins CVE-2020-2100 RESERVED + NOT-FOR-US: Jenkins CVE-2020-2099 RESERVED + NOT-FOR-US: Jenkins CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...) NOT-FOR-US: Jenkins plugin CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...) -- cgit v1.2.3
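Review bot: In the four list.2018 hunks for CVE-2018-20097, CVE-2018-19535, CVE-2018-19108 and CVE-2018-19107, the removed and added `[buster] - exiv2 (Minor issue)` and `[stretch] - exiv2 (Minor issue)` lines read identically as shown, so they look like whitespace-only changes that the subject "exiv2 fixed NFUs" does not mention. They account for 8 of the 9 changed lines in list.2018. If the intent is to normalise indentation, say so in the commit message or move it to its own commit, so the churn is not mistaken for a triage change on those four entries.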
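Review bot: The CVE-2018-8976 hunk records `0.27.2-6` as the fixed version, but neither the hunk nor the commit message says which upload or upstream change that version was taken from. The other exiv2 entries in this patch carry NOTE lines with the upstream issue and commit URLs, and no such NOTE is visible in this hunk's context; adding one for the fixing change would let the next reader verify the version. The annotation still carries `bug #903813`, so it is also worth confirming that the bug is closed in that same version.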
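Review bot: In the list.2020 hunk, CVE-2020-2109 at the top of the context stays RESERVED with no tag while CVE-2020-2108 through CVE-2020-2099 all gain NOT-FOR-US; if it belongs to the same Jenkins batch it should be tagged in this commit too. The tags also change from `NOT-FOR-US: Jenkins plugin` (2108 to 2106) to `NOT-FOR-US: Jenkins` (2105 to 2099). Since all ten entries are still RESERVED with no description, the file alone cannot confirm that split, so the commit message should name the advisory it was taken from, or the wording should be made uniform if no distinction is intended.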