[Bug 260590] graphics/p5-Image-ExifTool: Update to 12.30, Request MAINTAINER'ship

In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 260590] graphics/p5-Image-ExifTool: Update to 12.30"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Mon, 24 Jan 2022 14:47:56 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=260590

Rafael Grether <devnull@apt322.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #231273|text/xml                    |text/plain
          mime type|                            |

--- Comment #5 from Rafael Grether <devnull@apt322.org> ---
Created attachment 231273
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=231273&action=edit
VuXML entry

Added a new entry in VuXML, identified by VID
955f377e-7bc3-11ec-a51c-7533f219d428

It has been largely exploited in the wild.
Exploit: https://github.com/se162xg/CVE-2021-22204

Also, GitLab CE/EE was vulnerable too (until 13.10.2 version), since GitLab
CE/EE Preauth RCE use ExifTool. But the package is already updated in FreeBSD
ports, so GitLab is no longer vulnerable.
So I don't know if it's necessary to add a new entry in vuXML for GitLabCE. If
so, let me know so I can add it too.

-- 
You are receiving this mail because:
You are the assignee for the bug.