Univention Bugzilla – Bug 51705
exiv2: Multiple issues (4.4)
Last modified: 2020-07-29 16:50:38 CEST
New Debian exiv2 0.25-3.1+deb9u2 fixes:
This update addresses the following issue:
* heap-based buffer over-read via a crafted image file (CVE-2018-16336)
--- mirror/ftp/4.3/unmaintained/4.3-2/source/exiv2_0.25-3.1+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/exiv2_0.25-3.1+deb9u2.dsc @@ -1,3 +1,11 @@ +0.25-3.1+deb9u2 [Mon, 15 Jun 2020 18:15:41 -0400] Roberto C. Sanchez <roberto@debian.org>: + + * Non-maintainer upload by the Security Team. + * Minor adjustment to the patch for CVE-2018-10958 and CVE-2018-10999. The + initial patch was overly restrictive in counting PNG image chunks. + * CVE-2018-16336: remote denial of service (heap-based buffer over-read) via + a crafted image file. + 0.25-3.1+deb9u1 [Wed, 27 Jun 2018 08:09:36 -0400] Roberto C. Sanchez <roberto@debian.org>: * Non-maintainer upload by the Security Team. <http://10.200.17.11/4.4-5/#4074664823672156085>
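Review bot: The second item of the added 0.25-3.1+deb9u2 changelog entry (the adjustment to the patch for CVE-2018-10958 and CVE-2018-10999, whose initial version was "overly restrictive in counting PNG image chunks") has no counterpart in the erratum description, which lists only CVE-2018-16336. That item changes how PNG chunks are counted compared with deb9u1, so consider adding a line for it to the erratum text in doc/errata/staging/exiv2.yaml so that the announcement covers both changelog items.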
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 0f29757cd8 Bug #51705: exiv2 0.25-3.1+deb9u2
 doc/errata/staging/exiv2.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-5] 8f1bffa34f Bug #51705: exiv2 0.25-3.1+deb9u2
 doc/errata/staging/exiv2.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x659>