[Git][security-tracker-team/security-tracker][master] Track fixed version for exiv2 issues via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Thu Feb 10 20:47:24 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
910e773f by Salvatore Bonaccorso at 2022-02-10T21:46:13+01:00
Track fixed version for exiv2 issues via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -35033,42 +35033,42 @@ CVE-2021-37624 (FreeSWITCH is a Software Defined Telecom Stack enabling the digi
- freeswitch <itp> (bug #389591)
NOTE: https://github.com/signalwire/freeswitch/security/advisories/GHSA-mjcm-q9h8-9xv3
CVE-2021-37623 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mvc4-g5pv-4qqq
NOTE: https://github.com/Exiv2/exiv2/pull/1790
CVE-2021-37622 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-9jh3-fcc3-g6hv
NOTE: https://github.com/Exiv2/exiv2/pull/1788
CVE-2021-37621 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-m479-7frc-gqqg
NOTE: https://github.com/Exiv2/exiv2/pull/1778
CVE-2021-37620 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <ignored> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-v5g7-46xf-h728
NOTE: https://github.com/Exiv2/exiv2/pull/1769
CVE-2021-37619 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mxw9-qx4c-6m8v
NOTE: https://github.com/Exiv2/exiv2/pull/1752
CVE-2021-37618 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
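Review bot: In the CVE-2021-37620 entry the context line reads `[stretch] - exiv2 <ignored> (Minor issue)`, while the other five entries touched in this hunk use `[stretch] - exiv2 <no-dsa> (Minor issue)`. The change does not touch that line, but since all six entries get the same `0.27.5-1` fixed version in one pass, it is worth confirming whether the stretch state for CVE-2021-37620 is meant to differ and aligning it if not.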
@@ -35078,14 +35078,14 @@ CVE-2021-37617 (The Nextcloud Desktop Client is a tool to synchronize files from
- nextcloud-desktop <not-affected> (Doesn't affect Nextcloud client as shipped in Debian)
NOTE: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
CVE-2021-37616 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-54f7-vvj7-545w
NOTE: https://github.com/Exiv2/exiv2/pull/1758
CVE-2021-37615 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed>
+ - exiv2 0.27.5-1
[bullseye] - exiv2 <ignored> (Minor issue)
[buster] - exiv2 <ignored> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -42829,12 +42829,12 @@ CVE-2021-34337 [password checking timing attack in administrative REST API]
CVE-2021-34336
RESERVED
CVE-2021-34335 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #992707)
+ - exiv2 0.27.5-1 (bug #992707)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-pvjp-m4f6-q984
NOTE: https://github.com/Exiv2/exiv2/pull/1750
CVE-2021-34334 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #992706)
+ - exiv2 0.27.5-1 (bug #992706)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-hqjh-hpv8-8r9p
NOTE: https://github.com/Exiv2/exiv2/pull/1766
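Review bot: CVE-2021-34335 and CVE-2021-34334 carry only a `[stretch]` annotation, so recording `0.27.5-1` for unstable leaves bullseye and buster with no triage state on these two entries. Other exiv2 entries in this patch have explicit `[bullseye]` and `[buster]` lines (`<ignored>` or `<no-dsa>`); consider adding the matching lines here in the same commit or a follow-up so the stable suites do not stay listed as open without a decision. The same applies to CVE-2021-32815 in the next hunk.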
@@ -46488,7 +46488,7 @@ CVE-2021-32817 (express-hbs is an Express handlebars template engine. express-hb
CVE-2021-32816 (ProtonMail Web Client is the official AngularJS web client for the Pro ...)
NOT-FOR-US: ProtonMail Web Client
CVE-2021-32815 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #992705)
+ - exiv2 0.27.5-1 (bug #992705)
[stretch] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-mv9g-fxh2-m49m
NOTE: https://github.com/Exiv2/exiv2/pull/1739
@@ -47064,7 +47064,7 @@ CVE-2021-32619 (Deno is a runtime for JavaScript and TypeScript that uses V8 and
CVE-2021-32618 (The Python "Flask-Security-Too" package is used for adding security fe ...)
NOT-FOR-US: Flask-Security-Too
CVE-2021-32617 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #988731)
+ - exiv2 0.27.5-1 (bug #988731)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -54398,7 +54398,7 @@ CVE-2021-30002 (An issue was discovered in the Linux kernel before 5.11.3 when a
NOTE: https://git.kernel.org/linus/fb18802a338b36f675a388fc03d2aa504a0d0899
CVE-2021-3482 (A flaw was found in Exiv2 in versions before and including 0.27.4-RC1. ...)
{DSA-4958-1 DLA-2750-1}
- - exiv2 <unfixed> (bug #986888)
+ - exiv2 0.27.5-1 (bug #986888)
[bullseye] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/issues/1522
NOTE: https://github.com/Exiv2/exiv2/commit/22ea582c6b74ada30bec3a6b15de3c3e52f2b4da
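Review bot: The NOTE for the fix commit `22ea582c6b74ada30bec3a6b15de3c3e52f2b4da` on CVE-2021-3482 has no upstream version annotation, so nothing in the entry ties that commit to the `0.27.5-1` upload now recorded as fixed. Appending the upstream release that first contains the commit, in parentheses after the URL, would let a reader check the fixed version against the description's "before and including 0.27.4-RC1" without leaving the file.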
@@ -55179,7 +55179,7 @@ CVE-2021-29625 (Adminer is open-source database management software. A cross-sit
CVE-2021-29624 (fastify-csrf is an open-source plugin helps developers protect their F ...)
NOT-FOR-US: fastify-csrf
CVE-2021-29623 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
- - exiv2 <unfixed> (bug #988481)
+ - exiv2 0.27.5-1 (bug #988481)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
@@ -55537,7 +55537,7 @@ CVE-2021-29474 (HedgeDoc (formerly known as CodiMD) is an open-source collaborat
NOT-FOR-US: HedgeDoc
CVE-2021-29473 (Exiv2 is a C++ library and a command-line utility to read, write, dele ...)
{DSA-4958-1 DLA-2750-1}
- - exiv2 <unfixed> (bug #987736)
+ - exiv2 0.27.5-1 (bug #987736)
[bullseye] - exiv2 <no-dsa> (Minor issue)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-7569-phvm-vwc2
NOTE: https://github.com/Exiv2/exiv2/pull/1587
@@ -55553,7 +55553,7 @@ CVE-2021-29471 (Synapse is a Matrix reference homeserver written in python (pypi
NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-x345-32rc-8h85
NOTE: https://github.com/matrix-org/synapse/commit/03318a766cac9f8b053db2214d9c332a977d226c (v1.33.2)
CVE-2021-29470 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #987450)
+ - exiv2 0.27.5-1 (bug #987450)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
@@ -55576,14 +55576,14 @@ CVE-2021-29466 (Discord-Recon is a bot for the Discord chat service. In versions
CVE-2021-29465 (Discord-Recon is a bot for the Discord chat service. Versions of Disco ...)
NOT-FOR-US: Discord-Recon
CVE-2021-29464 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #988242)
+ - exiv2 0.27.5-1 (bug #988242)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <not-affected> (Vulnerable code introduced later)
[stretch] - exiv2 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-jgm9-5fw5-pw9p
NOTE: https://github.com/Exiv2/exiv2/commit/f9308839198aca5e68a65194f151a1de92398f54
CVE-2021-29463 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #988241)
+ - exiv2 0.27.5-1 (bug #988241)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <not-affected> (webp support introduced in 0.27)
[stretch] - exiv2 <not-affected> (webp support introduced in 0.27)
@@ -55605,7 +55605,7 @@ CVE-2021-29460 (Kirby is an open source CMS. An editor with write access to the
CVE-2021-29459 (XWiki Platform is a generic wiki platform offering runtime services fo ...)
NOT-FOR-US: XWiki
CVE-2021-29458 (Exiv2 is a command-line utility and C++ library for reading, writing, ...)
- - exiv2 <unfixed> (bug #987277)
+ - exiv2 0.27.5-1 (bug #987277)
[bullseye] - exiv2 <no-dsa> (Minor issue)
[buster] - exiv2 <no-dsa> (Minor issue)
[stretch] - exiv2 <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/910e773f68055dafd155f5f60fd618499fc3c21d