[Git][security-tracker-team/security-tracker][master] mark libmetadata-extractor-java as unimportant
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Wed Jun 8 17:03:05 BST 2022
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
856a2172 by Moritz Muehlenhoff at 2022-06-08T18:01:08+02:00
mark libmetadata-extractor-java as unimportant
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -22794,17 +22794,15 @@ CVE-2022-24615 (zip4j up to v2.10.0 can throw various uncaught exceptions while
[bullseye] - zip4j <no-dsa> (Minor issue)
NOTE: https://github.com/srikanth-lingala/zip4j/issues/377
CVE-2022-24614 (When reading a specially crafted JPEG file, metadata-extractor up to 2 ...)
- - libmetadata-extractor-java <unfixed>
- [bullseye] - libmetadata-extractor-java <no-dsa> (Minor issue)
- [buster] - libmetadata-extractor-java <no-dsa> (Minor issue)
- [stretch] - libmetadata-extractor-java <no-dsa> (Minor issue)
+ - libmetadata-extractor-java <unfixed> (unimportant)
NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
+ NOTE: Fixed in 2.18.0 but per upstream there's no real security impact:
+ NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561#issuecomment-1086967784
CVE-2022-24613 (metadata-extractor up to 2.16.0 can throw various uncaught exceptions ...)
- - libmetadata-extractor-java <unfixed>
- [bullseye] - libmetadata-extractor-java <no-dsa> (Minor issue)
- [buster] - libmetadata-extractor-java <no-dsa> (Minor issue)
- [stretch] - libmetadata-extractor-java <no-dsa> (Minor issue)
+ - libmetadata-extractor-java <unfixed> (unimportant)
NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561
+ NOTE: Fixed in 2.18.0 but per upstream there's no real security impact:
+ NOTE: https://github.com/drewnoakes/metadata-extractor/issues/561#issuecomment-1086967784
CVE-2022-24612 (An authenticated user can upload an XML file containing an XSS via the ...)
NOT-FOR-US: EyesOfNetwork (EON) eonweb
CVE-2022-24611 (Denial of Service (DoS) in the Z-Wave S0 NonceGet protocol specificati ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/856a21722b51a9c9899f91bc2d4e9b13cc6d5d43
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/856a21722b51a9c9899f91bc2d4e9b13cc6d5d43
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220608/99ef1874/attachment.htm>
More information about the debian-security-tracker-commits
mailing list