summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSalvatore Bonaccorso <carnil@debian.org>2020-01-30 13:04:42 +0100
committerSalvatore Bonaccorso <carnil@debian.org>2020-01-30 13:04:42 +0100
commit282e36e9600420f016df003bf83551bcfc75ce8c (patch)
tree936075e5166fc2c511630147db85b585f7d4b8a1
parent01db6d32e1087cf1fde74689da6a5cd41a8e0767 (diff)
Update tracking for CVE-2017-14858/exiv2
-rw-r--r--data/CVE/2017.list5
1 files changed, 1 insertions, 4 deletions
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 57e152d06f..635f57bcff 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -11227,12 +11227,9 @@ CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::S
NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
NOTE: Reproducible in experimental(0.26-1).
CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
- [experimental] - exiv2 <unfixed> (bug #897134)
- - exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles yet)
+ - exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles; only affected experimental; bug #897134)
NOTE: https://github.com/Exiv2/exiv2/issues/138
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
- NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
- NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out))
CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...)
[experimental] - exiv2 <unfixed> (low; bug #888869)
- exiv2 <not-affected> (Vulnerable code not present)

© 2014-2024 Faster IT GmbH | imprint | privacy policy