Hi

On Mon, Jul 17, 2017 at 01:36:41PM +0200, Maximiliano Curia wrote:
> Control: notfound -1 0.25-3.1
> Control: found -1 0.26-1
>
> Hello Moritz!
>
> On 2017-07-16 at 22:49 +0200, Moritz Muehlenhoff wrote:
> > Package: exiv2
> > Version: 0.25-3.1
> > Severity: important
> > Tags: security
> >
> > Please see:
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11335
>
> This one seems to be libtiff specific, if this is reproducible with exiv2,
> please let me know how to reproduce it.

I think that one was a copy-paste glitch, it is for src:tiff, cf.
https://security-tracker.debian.org/tracker/CVE-2017-11335

> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11336
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11337
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11338
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11339
> > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11340
>
> I couldn't reproduce these with 0.25-3.1, but these issues are clearly there
> for 0.26-1. Thanks for the heads up, I guess we would either skip 0.26 for
> unstable or, at least, wait till these issues are patched.

Hmm, not being able to reproduce does not necessarily mean the issue is not
present. Is there source-wise evidence that they do not affect versions prior
to 0.26? AFAICT at least the Image::printIFDStructure* functions are not
present in older versions as exiv2 in unstable.

Regards,
Salvatore
