View Issue Details

ID: 0007183
Project: Kali Linux
Category: Tool Upgrade Request
View Status: public
Last Update: 2021-05-25 08:43
Reporter: scriptstyle
Assigned To: sbrun
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: 2021.1
Summary: 0007183: exiftool 12.16
Description

The latest Kali repo has not updated exiftool from 12.16 to 12.24.
CVE-2021-22204
Published: 23/04/2021 Updated: 05/05/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Relationships

has duplicate 0007197 (closed, sbrun): Exiftool CVE-2021-22204

Activities

sbrun (manager), 2021-05-10 09:29, note ~0014528

The package libimage-exiftool-perl (which provides exiftool) is maintained in Debian.

The Debian maintainers can't update the package to a new upstream version as Debian is "frozen" right now (normal process before the new Debian Release).
But they are allowed to fix security issues and they have fixed this security issue in version 12.16+dfsg-2:
https://tracker.debian.org/media/packages/libi/libimage-exiftool-perl/changelog-12.16dfsg-2

We have the Debian version with the fix in kali-rolling.

Issue History

Date Modified Username Field Change
2021-05-08 21:14 scriptstyle New Issue
2021-05-08 21:14 scriptstyle Status new => assigned
2021-05-08 21:14 scriptstyle Assigned To => sbrun
2021-05-10 09:29 sbrun Status assigned => resolved
2021-05-10 09:29 sbrun Resolution open => fixed
2021-05-10 09:29 sbrun Note Added: 0014528
2021-05-25 08:43 sbrun Relationship added has duplicate 0007197
2021-05-31 13:37 rhertzog Category Tool Upgrade => Tool Upgrade Request