View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007183 | Kali Linux | [All Projects] Tool Upgrade Request | public | 2021-05-08 21:14 | 2021-05-25 08:43 |
| Reporter | scriptstyle | Assigned To | sbrun | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | resolved | Resolution | fixed | ||
| Product Version | 2021.1 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0007183: exiftool 12.16 | ||||
| Description | latest kali repo has not updates exiftool from 12.16 - 12.24 6.8 CVSSv2 CVE-2021-22204 Published: 23/04/2021 Updated: 05/05/2021 CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6 CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P | ||||
|
|
The package libimage-exiftool-perl (which provides exiftool) is maintained in Debian. The Debian maintainers can't update the package to a new upstream version as Debian is "freezed" right now (normal process before the new Debian Release). But they are allowed to fix security issues and they had fixed this security issue in version 12.16+dfsg-2: https://tracker.debian.org/media/packages/libi/libimage-exiftool-perl/changelog-12.16dfsg-2 We have the Debian version with the fix in kali-rolling. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2021-05-08 21:14 | scriptstyle | New Issue | |
| 2021-05-08 21:14 | scriptstyle | Status | new => assigned |
| 2021-05-08 21:14 | scriptstyle | Assigned To | => sbrun |
| 2021-05-10 09:29 | sbrun | Status | assigned => resolved |
| 2021-05-10 09:29 | sbrun | Resolution | open => fixed |
| 2021-05-10 09:29 | sbrun | Note Added: 0014528 | |
| 2021-05-25 08:43 | sbrun | Relationship added | has duplicate 0007197 |
| 2021-05-31 13:37 | rhertzog | Category | Tool Upgrade => Tool Upgrade Request |