Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d515e028 by Salvatore Bonaccorso at 2022-11-21T21:40:47+01:00
Drop several CVEs (originally assigned to exiv2)

Further investigation has shown that they were not security issues and the assigning CNA has withdrawn it. This impacts as well DLA 3186-1 list of CVE.

- - - - -

2 changed files:
- data/CVE/list
- data/DLA/list

Changes:
===================================== data/CVE/list ===================================== @@ -1923,11 +1923,6 @@ CVE-2022-3954 RESERVED CVE-2022-3953 REJECTED - - exiv2 <unfixed> - NOTE: https://github.com/Exiv2/exiv2/commit/771ead87321ae6e39e5c9f6f0855c58cde6648f1 - NOTE: https://github.com/Exiv2/exiv2/pull/2394 - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52731 - TODO: check details CVE-2022-3952 (A vulnerability has been found in ManyDesigns Portofino 5.3.2 and clas ...) NOT-FOR-US: ManyDesigns Portofino CVE-2022-3951 @@ -5853,21 +5848,10 @@ CVE-2022-43998 RESERVED CVE-2022-3757 REJECTED - - exiv2 <not-affected> (Vulnerable code not present) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901 - NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/d3651fdbd352cbaf259f89abf7557da343339378 CVE-2022-3756 REJECTED - {DLA-3186-1} - - exiv2 <unfixed> - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bf4f28b727bdedbd7c88179c30d360e54568a62e CVE-2022-3755 REJECTED - - exiv2 <not-affected> (Vulnerable code not present) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382 - NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/6bb956ad808590ce2321b9ddf6772974da27c4ca CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...) NOT-FOR-US: phpmyfaq CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...) 
@@ -7774,21 +7758,10 @@ CVE-2022-3720 (The Event Monster WordPress plugin before 1.2.0 does not validate NOT-FOR-US: WordPress plugin CVE-2022-3719 REJECTED - - exiv2 <not-affected> (Vulnerable code not present) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51707 - NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/a38e124076138e529774d5ec9890d0731058115a CVE-2022-3718 REJECTED - - exiv2 <not-affected> (Vulnerable code not present) - NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053 - NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf CVE-2022-3717 REJECTED - - exiv2 <not-affected> (Vulnerable code not present) - NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/9a6ee59421fdfa0745a5f494a3dd19af78b03ce7 - NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/a58e52ed702d3bc7b8bab7ec1d70a4849eebece3 CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCodester ...) NOT-FOR-US: SourceCodester Online Medicine Ordering System CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform] ===================================== data/DLA/list ===================================== 
@@ -40,7 +40,7 @@ {CVE-2021-36369} [buster] - dropbear 2018.76-5+deb10u2 [10 Nov 2022] DLA-3186-1 exiv2 - security update - {CVE-2017-11683 CVE-2020-19716 CVE-2022-3756} + {CVE-2017-11683 CVE-2020-19716} [buster] - exiv2 0.25-4+deb10u3 [10 Nov 2022] DLA-3185-1 xorg-server - security update {CVE-2022-3550 CVE-2022-3551}
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d515e0283c184508fdf2ced6bcb8b321bb9ecedf
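Review bot: in the three data/CVE/list hunks, the seven ids touched (CVE-2022-3953, CVE-2022-3757, CVE-2022-3756, CVE-2022-3755, CVE-2022-3719, CVE-2022-3718, CVE-2022-3717) keep only their REJECTED line, and every exiv2 package line, oss-fuzz link and "Fixed by:" / "Introduced by:" reference under them is removed, so the file no longer records what each id pointed at or why it was rejected. The commit message says "several CVEs" and that the CNA withdrew them, without listing the ids or citing where the withdrawal was announced; naming the ids and linking that source in the commit message would keep the removed references findable from history.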
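Review bot: in the data/DLA/list hunk, the DLA-3186-1 entry dated 10 Nov 2022 drops CVE-2022-3756 from its CVE set, and the matching data/CVE/list hunk removes the `{DLA-3186-1}` cross-reference together with the "Fixed by:" note for upstream commit bf4f28b727bdedbd7c88179c30d360e54568a62e. The two files stay consistent with each other, but after this change nothing ties the exiv2 0.25-4+deb10u3 update to that upstream commit; if the update carried that patch, a sentence in the commit message stating so would preserve the link for anyone auditing what the buster upload contained.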