Created attachment 234623
Updating-p5-Image-ExifTool-12.42
@COMMITTER, please update graphics/p5-Image-ExifTool.
There is also a security vulnerability, leading to RCE.
Added entry in VuXML: CVE-2022-23935
QA tests passed.
Created attachment 234624
vuXML-CVE-2022-23935
Added vuXML entry: CVE-2022-23935
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=37712655fcaaaa0d99082c17db774f63cbd878a8
commit 37712655fcaaaa0d99082c17db774f63cbd878a8
Author:     Rafael Grether <devnull@apt322.org>
AuthorDate: 2022-06-11 17:20:18 +0000
Commit:     Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2022-06-21 21:09:38 +0000
    graphics/p5-Image-ExifTool: Update to 12.42
    PR: 264618
    MFH: 2022Q2 (security blanket)
    Security: CVE-2022-23935
 graphics/p5-Image-ExifTool/Makefile  | 2 +-
 graphics/p5-Image-ExifTool/distinfo  | 6 +++---
 graphics/p5-Image-ExifTool/pkg-plist | 2 ++
 3 files changed, 6 insertions(+), 4 deletions(-)
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=d1a91ac3af2def2af574b9d6266ead4811aaf6fd
commit d1a91ac3af2def2af574b9d6266ead4811aaf6fd
Author:     Rafael Grether <devnull@apt322.org>
AuthorDate: 2022-06-21 21:05:51 +0000
Commit:     Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2022-06-21 21:09:38 +0000
    graphics/p5-Image-ExifTool: Add an vuxml entry for update 12.42
    PR: 264618
 security/vuxml/vuln-2022.xml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
Committed and MFH'd!
A commit in branch 2022Q2 references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=294ffa9e571f7489af1b75cc82dba8941772d02c
commit 294ffa9e571f7489af1b75cc82dba8941772d02c
Author:     Rafael Grether <devnull@apt322.org>
AuthorDate: 2022-06-11 17:20:18 +0000
Commit:     Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2022-06-21 21:10:35 +0000
    graphics/p5-Image-ExifTool: Update to 12.42
    PR: 264618
    MFH: 2022Q2 (security blanket)
    Security: CVE-2022-23935
    (cherry picked from commit 37712655fcaaaa0d99082c17db774f63cbd878a8)
 graphics/p5-Image-ExifTool/Makefile  | 2 +-
 graphics/p5-Image-ExifTool/distinfo  | 6 +++---
 graphics/p5-Image-ExifTool/pkg-plist | 2 ++
 3 files changed, 6 insertions(+), 4 deletions(-)
*** Bug 262414 has been marked as a duplicate of this bug. ***