Summary: | graphics/p5-Image-ExifTool: Update to 12.42 - (fixed security vulnerability) | | |
---|---|---|---|
Product: | Ports & Packages | Reporter: | Rafael Grether <devnull> |
Component: | Individual Port(s) | Assignee: | Neel Chauhan <nc> |
Status: | Closed FIXED | | |
Severity: | Affects Many People | CC: | nc, ports-secteam, takefu |
Priority: | --- | Keywords: | security |
Version: | Latest | Flags: | devnull: merge-quarterly? |
Hardware: | Any | | |
OS: | Any | | |
URL: | https://exiftool.org/history.html | | |
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264873 | | |

Created attachment 234624 [details]
vuXML-CVE-2022-23935
Added vuXML entry:
CVE-2022-23935
lib/Image/ExifTool.pm in ExifTool before 12.38 mishandles a $file =~ /\|$/ check, leading to command injection
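
An added example, not part of the bug report or the port: a triage helper that flags p5-Image-ExifTool package strings older than the 12.38 named in the CVE text above, and refuses file names ending in `|` before they are handed to exiftool. The function names and sample data are constructed, and the pipe rule assumes the documented behaviour of Perl's two-argument open().

```python
import re

# CVE text quoted on this page: "ExifTool before 12.38".
FIXED = (12, 38)
# FreeBSD package string: name-version, optional _PORTREVISION and ,PORTEPOCH.
PKG_RE = re.compile(r"^p5-Image-ExifTool-(\d+)\.(\d+)(?:_\d+)?(?:,\d+)?$")


def pkg_is_vulnerable(pkg):
    """True/False for a p5-Image-ExifTool package string, None for other packages."""
    m = PKG_RE.match(pkg.strip())
    if m is None:
        return None
    return (int(m.group(1)), int(m.group(2))) < FIXED


def is_pipe_name(filename):
    """True if the name ends in '|' once trailing whitespace is ignored.

    Assumption: Perl's two-argument open() strips trailing whitespace and
    treats such a name as a command to run, not as a file to read.
    """
    return filename.rstrip().endswith("|")


def triage(packages, filenames):
    """Return (vulnerable package strings, file names to refuse before calling exiftool)."""
    vulnerable = [p for p in packages if pkg_is_vulnerable(p)]
    refused = [f for f in filenames if is_pipe_name(f)]
    return vulnerable, refused


if __name__ == "__main__":
    # Constructed sample data, not taken from the bug report.
    packages = ["p5-Image-ExifTool-12.30", "p5-Image-ExifTool-12.42", "perl5-5.32.1_1"]
    filenames = ["holiday.jpg", "scan|2022.png", "placeholder-command |", "x.jpg|\n"]
    vulnerable, refused = triage(packages, filenames)
    print("below 12.38:", vulnerable)
    print("refuse:", [repr(f) for f in refused])
```
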

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=37712655fcaaaa0d99082c17db774f63cbd878a8

commit 37712655fcaaaa0d99082c17db774f63cbd878a8
Author: Rafael Grether <devnull@apt322.org>
AuthorDate: 2022-06-11 17:20:18 +0000
Commit: Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2022-06-21 21:09:38 +0000

    graphics/p5-Image-ExifTool: Update to 12.42

    PR: 264618
    MFH: 2022Q2 (security blanket)
    Security: CVE-2022-23935

 graphics/p5-Image-ExifTool/Makefile | 2 +-
 graphics/p5-Image-ExifTool/distinfo | 6 +++---
 graphics/p5-Image-ExifTool/pkg-plist | 2 ++
 3 files changed, 6 insertions(+), 4 deletions(-)

A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d1a91ac3af2def2af574b9d6266ead4811aaf6fd

commit d1a91ac3af2def2af574b9d6266ead4811aaf6fd
Author: Rafael Grether <devnull@apt322.org>
AuthorDate: 2022-06-21 21:05:51 +0000
Commit: Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2022-06-21 21:09:38 +0000

    graphics/p5-Image-ExifTool: Add an vuxml entry for update 12.42

    PR: 264618

 security/vuxml/vuln-2022.xml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

Committed and MFH'd!

A commit in branch 2022Q2 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=294ffa9e571f7489af1b75cc82dba8941772d02c

commit 294ffa9e571f7489af1b75cc82dba8941772d02c
Author: Rafael Grether <devnull@apt322.org>
AuthorDate: 2022-06-11 17:20:18 +0000
Commit: Neel Chauhan <nc@FreeBSD.org>
CommitDate: 2022-06-21 21:10:35 +0000

    graphics/p5-Image-ExifTool: Update to 12.42

    PR: 264618
    MFH: 2022Q2 (security blanket)
    Security: CVE-2022-23935

    (cherry picked from commit 37712655fcaaaa0d99082c17db774f63cbd878a8)

 graphics/p5-Image-ExifTool/Makefile | 2 +-
 graphics/p5-Image-ExifTool/distinfo | 6 +++---
 graphics/p5-Image-ExifTool/pkg-plist | 2 ++
 3 files changed, 6 insertions(+), 4 deletions(-)

*** Bug 262414 has been marked as a duplicate of this bug. ***

Created attachment 234623 [details]
Updating-p5-Image-ExifTool-12.42

@COMMITTER, please update graphics/p5-Image-ExifTool.
There is also a security vulnerability, leading to RCE.
Added entry in VuXML: CVE-2022-23935
QA tests passed.