[Git][security-tracker-team/security-tracker][master] Drop several CVEs (originally assigned to exiv2)
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Nov 21 20:42:10 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d515e028 by Salvatore Bonaccorso at 2022-11-21T21:40:47+01:00
Drop several CVEs (originally assigned to exiv2)
Further investigation has shown that they were not security issues and
the assigning CNA has withdrawn it.
This impacts as well DLA 3186-1 list of CVE.
- - - - -
2 changed files:
- data/CVE/list
- data/DLA/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1923,11 +1923,6 @@ CVE-2022-3954
RESERVED
CVE-2022-3953
REJECTED
- - exiv2 <unfixed>
- NOTE: https://github.com/Exiv2/exiv2/commit/771ead87321ae6e39e5c9f6f0855c58cde6648f1
- NOTE: https://github.com/Exiv2/exiv2/pull/2394
- NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52731
- TODO: check details
CVE-2022-3952 (A vulnerability has been found in ManyDesigns Portofino 5.3.2 and clas ...)
NOT-FOR-US: ManyDesigns Portofino
CVE-2022-3951
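Review bot: The open "TODO: check details" under CVE-2022-3953 is dropped together with the `exiv2 <unfixed>` line, but the commit message only says "several CVEs" and never names this id. Listing the affected CVE ids in the commit message would let someone searching the history for CVE-2022-3953 find why its upstream references (commit 771ead87, PR 2394, oss-fuzz 52731) and the pending TODO disappeared.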
@@ -5853,21 +5848,10 @@ CVE-2022-43998
RESERVED
CVE-2022-3757
REJECTED
- - exiv2 <not-affected> (Vulnerable code not present)
- NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50901
- NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
- NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/d3651fdbd352cbaf259f89abf7557da343339378
CVE-2022-3756
REJECTED
- {DLA-3186-1}
- - exiv2 <unfixed>
- NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/bf4f28b727bdedbd7c88179c30d360e54568a62e
CVE-2022-3755
REJECTED
- - exiv2 <not-affected> (Vulnerable code not present)
- NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52382
- NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
- NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/6bb956ad808590ce2321b9ddf6772974da27c4ca
CVE-2022-3754 (Weak Password Requirements in GitHub repository thorsten/phpmyfaq prio ...)
NOT-FOR-US: phpmyfaq
CVE-2022-3753 (The Evaluate WordPress plugin through 1.0 does not sanitize and escape ...)
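Review bot: CVE-2022-3756 is the odd one out in this hunk and deserves its own sentence in the commit message. Unlike CVE-2022-3757 and CVE-2022-3755, which were `<not-affected>`, it was tracked as `exiv2 <unfixed>` while also carrying `{DLA-3186-1}` and a "Fixed by" commit (bf4f28b7). Once these lines are gone, nothing in data/CVE/list records that the upstream change was handled in a released update, so a short remark that the fix remains in the buster upload and only the CVE association is withdrawn would prevent confusion later.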
@@ -7774,21 +7758,10 @@ CVE-2022-3720 (The Event Monster WordPress plugin before 1.2.0 does not validate
NOT-FOR-US: WordPress plugin
CVE-2022-3719
REJECTED
- - exiv2 <not-affected> (Vulnerable code not present)
- NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51707
- NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
- NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/a38e124076138e529774d5ec9890d0731058115a
CVE-2022-3718
REJECTED
- - exiv2 <not-affected> (Vulnerable code not present)
- NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52053
- NOTE: Issue introduced after: https://github.com/Exiv2/exiv2/commit/e4adf388aaaccccaf08fc0fc38419a5b0117b299
- NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/459910c36a21369c09b75bcfa82f287c9da56abf
CVE-2022-3717
REJECTED
- - exiv2 <not-affected> (Vulnerable code not present)
- NOTE: Introduced by: https://github.com/Exiv2/exiv2/commit/9a6ee59421fdfa0745a5f494a3dd19af78b03ce7
- NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/a58e52ed702d3bc7b8bab7ec1d70a4849eebece3
CVE-2022-3716 (A vulnerability classified as problematic was found in SourceCodester ...)
NOT-FOR-US: SourceCodester Online Medicine Ordering System
CVE-2022-3715 [a heap-buffer-overflow in valid_parameter_transform]
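Review bot: The commit message gives no pointer to the CNA's withdrawal for CVE-2022-3719, CVE-2022-3718 and CVE-2022-3717. The removed NOTE lines were the only place tying these ids to the Exiv2 commits and the "Vulnerable code not present" analysis. Adding a reference to where the rejection was announced would keep the rationale verifiable after these entries are reduced to a bare REJECTED.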
=====================================
data/DLA/list
=====================================
@@ -40,7 +40,7 @@
{CVE-2021-36369}
[buster] - dropbear 2018.76-5+deb10u2
[10 Nov 2022] DLA-3186-1 exiv2 - security update
- {CVE-2017-11683 CVE-2020-19716 CVE-2022-3756}
+ {CVE-2017-11683 CVE-2020-19716}
[buster] - exiv2 0.25-4+deb10u3
[10 Nov 2022] DLA-3185-1 xorg-server - security update
{CVE-2022-3550 CVE-2022-3551}
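Review bot: Removing CVE-2022-3756 from the DLA-3186-1 brace list only stays consistent if the matching `{DLA-3186-1}` tag under that CVE in data/CVE/list goes too. This commit does both, which is right. The `[buster] - exiv2 0.25-4+deb10u3` line is correctly left alone, since the advisory still covers CVE-2017-11683 and CVE-2020-19716. Before merging, it is worth confirming that no other advisory list entry still references CVE-2022-3756.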
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d515e0283c184508fdf2ced6bcb8b321bb9ecedf