[Git][security-tracker-team/security-tracker][master] mark libmetadata-extractor-java as unimportant

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
856a2172 by Moritz Muehlenhoff at 2022-06-08T18:01:08+02:00
mark libmetadata-extractor-java as unimportant

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -22794,17 +22794,15 @@ CVE-2022-24615 (zip4j up to v2.10.0 can throw various 
uncaught exceptions while
        [bullseye] - zip4j <no-dsa> (Minor issue)
        NOTE: https://github.com/srikanth-lingala/zip4j/issues/377
 CVE-2022-24614 (When reading a specially crafted JPEG file, metadata-extractor 
up to 2 ...)
-       - libmetadata-extractor-java <unfixed>
-       [bullseye] - libmetadata-extractor-java <no-dsa> (Minor issue)
-       [buster] - libmetadata-extractor-java <no-dsa> (Minor issue)
-       [stretch] - libmetadata-extractor-java <no-dsa> (Minor issue)
+       - libmetadata-extractor-java <unfixed> (unimportant)
        NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
+       NOTE: Fixed in 2.18.0 but per upstream there's no real security impact:
+       NOTE: 
https://github.com/drewnoakes/metadata-extractor/issues/561#issuecomment-1086967784
 CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught 
exceptions  ...)
-       - libmetadata-extractor-java <unfixed>
-       [bullseye] - libmetadata-extractor-java <no-dsa> (Minor issue)
-       [buster] - libmetadata-extractor-java <no-dsa> (Minor issue)
-       [stretch] - libmetadata-extractor-java <no-dsa> (Minor issue)
+       - libmetadata-extractor-java <unfixed> (unimportant)
        NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
+       NOTE: Fixed in 2.18.0 but per upstream there's no real security impact:
+       NOTE: 
https://github.com/drewnoakes/metadata-extractor/issues/561#issuecomment-1086967784
 CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS 
via the ...)
        NOT-FOR-US: EyesOfNetwork (EON) eonweb
 CVE-2022-24611 (Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol 
specificati ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/856a21722b51a9c9899f91bc2d4e9b13cc6d5d43

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/856a21722b51a9c9899f91bc2d4e9b13cc6d5d43
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits