From 367a0419e70246f71461f69beefecf04c854dd9c Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 30 Jan 2020 13:04:42 +0100
Subject: Update tracking for CVE-2017-14858/exiv2

---
 data/CVE/list | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/data/CVE/list b/data/CVE/list
index 9a9120a78d..9c8037efe7 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -137518,12 +137518,9 @@ CVE-2017-14859 (An Invalid memory address dereference was discovered in Exiv2::S
 	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
 	NOTE: Reproducible in experimental(0.26-1).
 CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
-	[experimental] - exiv2 <unfixed> (bug #897134)
-	- exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles yet)
+	- exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles; only affected experimental; bug #897134)
 	NOTE: https://github.com/Exiv2/exiv2/issues/138
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
-	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
-	NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out))
 CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cp ...)
 	[experimental] - exiv2 <unfixed> (low; bug #888869)
 	- exiv2 <not-affected> (Vulnerable code not present)
-- 
cgit v1.2.3