From: Yann E. MORIN <yann.morin.1998@free.fr>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH 1/3] package/exiv2: annotate CVE-2019-13504
Date: Sun, 1 Mar 2020 08:29:34 +0100 [thread overview]
Message-ID: <20200301072934.GY8743@scaer> (raw)
In-Reply-To: <CAPi7W83y6UpduPvecerrx0UPqaR0NwJVKvV3KH6fFhiT2Yvs8Q@mail.gmail.com>
Fabrice, All,
On 2020-02-29 23:28 +0100, Fabrice Fontaine spake thusly:
> Le sam. 29 f?vr. 2020 ? 23:21, Yann E. MORIN <yann.morin.1998@free.fr> a ?crit :
> > On 2020-02-29 22:32 +0100, Fabrice Fontaine spake thusly:
> > > CVE-2019-13504 is misclassified (by our CVE tracker) as affecting
> > > version 0.27.2, while in fact both commits that fixed this issue are
> > > already in this version.
[--SNIP--]
> > However, for patch 1, I have been able to track only one commit, but you
> > noted two. It would be nice if youc ould provide the sha1 for those two
> > commits.
> Sure, here it is (from
> https://security-tracker.debian.org/tracker/CVE-2019-13504):
> - https://github.com/Exiv2/exiv2/commit/bd0afe0390439b2c424d881c8c6eb0c5624e31d9
> - https://github.com/Exiv2/exiv2/commit/54f0bebca032d0286a0e48f47e67dfc6141fedff
Applied to master with those references added to the commit log. Thanks! :-)
Regards,
Yann E. MORIN.
--
.-----------------.--------------------.------------------.--------------------.
| Yann E. MORIN | Real-Time Embedded | /"\ ASCII RIBBON | Erics' conspiracy: |
| +33 662 376 056 | Software Designer | \ / CAMPAIGN | ___ |
| +33 561 099 427 `------------.-------: X AGAINST | \e/ There is no |
| http://ymorin.is-a-geek.org/ | _/*\_ | / \ HTML MAIL | v conspiracy. |
'------------------------------^-------^------------------^--------------------'
prev parent reply other threads:[~2020-03-01 7:29 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-29 21:32 [Buildroot] [PATCH 1/3] package/exiv2: annotate CVE-2019-13504 Fabrice Fontaine
2020-02-29 21:32 ` [Buildroot] [PATCH 2/3] package/exiv2: fix CVE-2019-17402 Fabrice Fontaine
2020-03-14 17:58 ` Peter Korsgaard
2020-02-29 21:32 ` [Buildroot] [PATCH 3/3] package/exiv2: fix CVE-2019-20421 Fabrice Fontaine
2020-03-14 17:58 ` Peter Korsgaard
2020-02-29 22:21 ` [Buildroot] [PATCH 1/3] package/exiv2: annotate CVE-2019-13504 Yann E. MORIN
2020-02-29 22:28 ` Fabrice Fontaine
2020-03-01 7:29 ` Yann E. MORIN [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200301072934.GY8743@scaer \
--to=yann.morin.1998@free.fr \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.