[Git][security-tracker-team/security-tracker][master] update exiv2 status / bugnums

Fri Feb 16 19:34:49 GMT 2024


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8543db82 by Moritz Muehlenhoff at 2024-02-16T20:34:31+01:00
update exiv2 status / bugnums

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
 CVE-2023-52160
-	- wpa <unfixed>
+	- wpa <unfixed> (bug #1064061)
 	NOTE: https://w1.fi/cgit/hostap/commit/?id=8e6485a1bcb0baff
 	NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/
 CVE-2023-52161
-	- iwd <unfixed>
+	- iwd <unfixed> (bug #1064062)
 	NOTE: https://www.top10vpn.com/research/wifi-vulnerabilities/
 CVE-2024-0793
 	NOT-FOR-US: kube-controller-manager
@@ -965,9 +965,13 @@ CVE-2024-25360 (A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks
 CVE-2024-25112 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	[experimental] - exiv2 0.28.2+dfsg-1
 	- exiv2 <unfixed>
+	[bookworm] - exiv2 <no-dsa> (Minor issue)
+	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36
 	NOTE: Fixed by: https://github.com/Exiv2/exiv2/commit/355afea485550e8214ac6b449fb210a7efb71365 (v0.28.2)
-	TODO: unclear range of affected versions: while the report claims it is new in v0.28.0 the QuickTimeVideo::multipleEntriesDecoder is present earlier
+	NOTE: GHSA mentions new in v0.28.0, but that only applies to the "main" branch, where
+	NOTE: it was removed and later reintroduced. The 0.27-maintenance branch _does_ include
+	NOTE: the Quicktime decoder
 CVE-2024-25110 (The UAMQP is a general purpose C library for AMQP 1.0. During a call t ...)
 	- azure-uamqp-python <unfixed> (bug #1064051)
 	NOTE: https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695
@@ -987,9 +991,13 @@ CVE-2024-24875 (Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefeb
 CVE-2024-24826 (Exiv2 is a command-line utility and C++ library for reading, writing,  ...)
 	[experimental] - exiv2 0.28.2+dfsg-1
 	- exiv2 <unfixed>
+	[bookworm] - exiv2 <no-dsa> (Minor issue)
+	[bullseye] - exiv2 <no-dsa> (Minor issue)
 	NOTE: https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w
 	NOTE: https://github.com/Exiv2/exiv2/pull/2337
-	TODO: unclear range of affected versions: while the report claims it is new in v0.28.0 the QuickTimeVideo::NikonTagsDecoder is present earlier
+	NOTE: GHSA mentions new in v0.28.0, but that only applies to the "main" branch, where
+	NOTE: it was removed and later reintroduced. The 0.27-maintenance branch _does_ include
+	NOTE: the Quicktime decoder
 CVE-2024-24743 (SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows ...)
 	NOT-FOR-US: SAP
 CVE-2024-24742 (SAP CRM WebClient UI- version S4FND 102, S4FND 103, S4FND 104, S4FND 1 ...)
@@ -1204,7 +1212,7 @@ CVE-2024-24796 (Deserialization of Untrusted Data vulnerability in MagePeople Te
 CVE-2024-23513 (Deserialization of Untrusted Data vulnerability in PropertyHive.This i ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-1433 (A vulnerability, which was classified as problematic, was found in KDE ...)
-	- plasma-workspace <unfixed>
+	- plasma-workspace <unfixed> (bug #1064063)
 	NOTE: https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01
 CVE-2023-52429 (dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6 ...)
 	- linux <unfixed>



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8543db828b8ce5b1fe42bc0e2269ff7727daf748

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8543db828b8ce5b1fe42bc0e2269ff7727daf748
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240216/3f408b85/attachment.htm>
