[Git][security-tracker-team/security-tracker][master] add libimage-exiftool-perl to dsa-needed
Moritz Muehlenhoff
jmm at debian.org
Mon Apr 26 13:20:12 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
71b9adeb by Moritz Muehlenhoff at 2021-04-26T14:19:31+02:00
add libimage-exiftool-perl to dsa-needed
NFUs
new gitlab issue
- - - - -
2 changed files:
- data/CVE/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -21282,7 +21282,7 @@ CVE-2021-22542
CVE-2021-22541
RESERVED
CVE-2021-22540 (Bad validation logic in the Dart SDK versions prior to 2.12.3 allow an ...)
- TODO: check
+ NOT-FOR-US: Dart SDK
CVE-2021-22539 (An attacker can place a crafted JSON config file into the project fold ...)
NOT-FOR-US: VScode-bazel
CVE-2021-22538 (A privilege escalation vulnerability impacting the Google Exposure Not ...)
@@ -21955,7 +21955,7 @@ CVE-2021-22207 (Excessive memory consumption in MS-WSP dissector in Wireshark 3.
CVE-2021-22206
RESERVED
CVE-2021-22205 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
- TODO: check
+ - gitlab <unfixed>
CVE-2021-22204 (Improper neutralization of user data in the DjVu file format in ExifTo ...)
- libimage-exiftool-perl 12.16+dfsg-2 (bug #987505)
NOTE: https://bugs.launchpad.net/bugs/1925985
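Review bot: the new `- gitlab <unfixed>` line for CVE-2021-22205 carries no bug number and no NOTE, while the CVE-2021-22204 entry directly below it records both (`bug #987505` and a NOTE with the Launchpad link). Consider adding a NOTE that points at the upstream advisory or fix, so the next person triaging the entry can see which GitLab versions are affected without re-deriving it from the truncated description.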
@@ -28488,19 +28488,19 @@ CVE-2021-20091
CVE-2021-20090
RESERVED
CVE-2021-20089 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
- TODO: check
+ NOT-FOR-US: purl javascript URL parser (different from src:purl)
CVE-2021-20088 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
- TODO: check
+ NOT-FOR-US: mootools-more
CVE-2021-20087 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
- TODO: check
+ NOT-FOR-US: jquery-deparam
CVE-2021-20086 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
- TODO: check
+ NOT-FOR-US: jquery-bbq
CVE-2021-20085 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
- TODO: check
+ NOT-FOR-US: backbone-query-parameters
CVE-2021-20084 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
- TODO: check
+ NOT-FOR-US: jquery-sparkle
CVE-2021-20083 (Improperly Controlled Modification of Object Prototype Attributes ('Pr ...)
- TODO: check
+ NOT-FOR-US: jquery-plugin-query-object
CVE-2021-20082
RESERVED
CVE-2021-20081
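Review bot: of the seven NOT-FOR-US lines for CVE-2021-20083 through CVE-2021-20089, only the purl one records why the name does not match a Debian source package (`different from src:purl`). If the jQuery plugins and mootools-more were checked for embedded copies in other source packages, a short remark to that effect in the commit message would record it; the body currently says only "NFUs".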
=====================================
data/dsa-needed.txt
=====================================
@@ -19,6 +19,8 @@ condor
libhibernate3-java
Markus Koschany proposed debdiff for review: <15258f788bac283a47d84c2beab73e17b805ba46.camel at debian.org>
--
+libimage-exiftool-perl
+--
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
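Review bot: the added `libimage-exiftool-perl` entry in data/dsa-needed.txt has no claimant and no note line, unlike the neighbouring `linux (carnil)` and libhibernate3-java entries. The data/CVE/list context in this same commit shows CVE-2021-22204 with `libimage-exiftool-perl 12.16+dfsg-2 (bug #987505)`; a one-line note under the entry naming that CVE or bug would tell whoever picks it up why the package is listed.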
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71b9adeb0335c63054e4c98e68a79891bdfbec09