Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
d515e028 by Salvatore Bonaccorso at 2022-11-21T21:40:47+01:00
Drop several CVEs (originally assigned to exiv2)

Further investigation has shown that they were not security issues and
the assigning CNA has withdrawn it.

This impacts as well DLA 3186-1 list of CVE.

- - - - -


2 changed files:

- data/CVE/list
- data/DLA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1923,11 +1923,6 @@ CVE-2022-3954
        RESERVED
 CVE-2022-3953
        REJECTED
-       - exiv2 <unfixed>
-       NOTE: 
https://github.com/Exiv2/exiv2/commit/771ead87321ae6e39e5c9f6f0855c58cde6648f1
-       NOTE: https://github.com/Exiv2/exiv2/pull/2394
-       NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52731
-       TODO: check details
 CVE-2022-3952 (A vulnerability has been found in ManyDesigns Portofino 5.3.2 
and clas ...)
        NOT-FOR-US: ManyDesigns Portofino
 CVE-2022-3951
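Review bot: The commit message says "several CVEs" without naming them, and under CVE-2022-3953 this hunk removes an entry that was still `- exiv2 <unfixed>` with `TODO: check details`, so it was dropped while its check was still open. Listing the affected CVE ids in the commit body would make the change findable from the id in the history and would record that 2022-3953 is covered by the same rejection as the others.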
@@ -5853,21 +5848,10 @@ CVE-2022-43998
        RESERVED
 CVE-2022-3757
        REJECTED
-       - exiv2 <not-affected> (Vulnerable code not present)
-       NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901
-       NOTE: Issue introduced after: 
https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
-       NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/d3651fdbd352cbaf259f89abf7557da343339378
 CVE-2022-3756
        REJECTED
-       {DLA-3186-1}
-       - exiv2 <unfixed>
-       NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/bf4f28b727bdedbd7c88179c30d360e54568a62e
 CVE-2022-3755
        REJECTED
-       - exiv2 <not-affected> (Vulnerable code not present)
-       NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382
-       NOTE: Issue introduced after: 
https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
-       NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/6bb956ad808590ce2321b9ddf6772974da27c4ca
 CVE-2022-3754 (Weak Password Requirements in GitHub repository 
thorsten/phpmyfaq prio ...)
        NOT-FOR-US: phpmyfaq
 CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and 
escape ...)
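Review bot: The `{DLA-3186-1}` tag removed under CVE-2022-3756 has to be dropped together with the CVE id in the DLA-3186-1 entry of data/DLA/list, otherwise the two files disagree; this commit does both. CVE-2022-3756 is also the only entry in this hunk that was `- exiv2 <unfixed>` rather than `<not-affected> (Vulnerable code not present)`, so please confirm that none of the other ids dropped in this file is referenced from an advisory list.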
@@ -7774,21 +7758,10 @@ CVE-2022-3720 (The Event Monster WordPress plugin 
before 1.2.0 does not validate
        NOT-FOR-US: WordPress plugin
 CVE-2022-3719
        REJECTED
-       - exiv2 <not-affected> (Vulnerable code not present)
-       NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51707
-       NOTE: Introduced by: 
https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
-       NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/a38e124076138e529774d5ec9890d0731058115a
 CVE-2022-3718
        REJECTED
-       - exiv2 <not-affected> (Vulnerable code not present)
-       NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053
-       NOTE: Issue introduced after: 
https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
-       NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf
 CVE-2022-3717
        REJECTED
-       - exiv2 <not-affected> (Vulnerable code not present)
-       NOTE: Introduced by: 
https://github.com/Exiv2/exiv2/commit/9a6ee59421fdfa0745a5f494a3dd19af78b03ce7
-       NOTE: Fixed by: 
https://github.com/Exiv2/exiv2/commit/a58e52ed702d3bc7b8bab7ec1d70a4849eebece3
 CVE-2022-3716 (A vulnerability classified as problematic was found in 
SourceCodester  ...)
        NOT-FOR-US: SourceCodester Online Medicine Ordering System
 CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform]
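Review bot: The reason for the rejection is not recorded anywhere once these NOTE lines are gone: CVE-2022-3719, CVE-2022-3718 and CVE-2022-3717 lose their `Introduced by:` / `Fixed by:` commit links (and, for 3719 and 3718, the oss-fuzz references) and are left as a bare `REJECTED`. The commit message states that the assigning CNA withdrew the ids; a link to that withdrawal in the commit body would keep the reasoning traceable.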


=====================================
data/DLA/list
=====================================
@@ -40,7 +40,7 @@
        {CVE-2021-36369}
        [buster] - dropbear 2018.76-5+deb10u2
 [10 Nov 2022] DLA-3186-1 exiv2 - security update
-       {CVE-2017-11683 CVE-2020-19716 CVE-2022-3756}
+       {CVE-2017-11683 CVE-2020-19716}
        [buster] - exiv2 0.25-4+deb10u3
 [10 Nov 2022] DLA-3185-1 xorg-server - security update
        {CVE-2022-3550 CVE-2022-3551}
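Review bot: DLA-3186-1 is dated 10 Nov 2022 and this hunk changes its CVE set after the fact, from three ids to two, while the fixed version `exiv2 0.25-4+deb10u3` stays the same. The commit message mentions the impact on the DLA but not whether the advisory text as published is being corrected as well; a sentence on that would help consumers who matched CVE-2022-3756 against the buster update.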



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d515e0283c184508fdf2ced6bcb8b321bb9ecedf
