Univention Bugzilla – Bug 53716
exiv2: Multiple issues (4.4)
Last modified: 2021-09-01 17:39:19 CEST
New Debian exiv2 0.25-3.1+deb9u3 fixes: This update addresses the following issues: * infinite loop and hang in Jp2Image::readMetadata() in jp2image.cpp could lead to DoS (CVE-2019-20421) * heap-based buffer overflow in Jp2Image::readMetadata() in jp2image.cpp (CVE-2021-3482) * heap-based buffer overflow in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29457) * out-of-bounds read in Exiv2::Jp2Image::doWriteMetadata (CVE-2021-29473) * Integer overflow in CrwMap:encode0x1810 leading to heap-based buffer overflow and DoS (CVE-2021-31292)
--- mirror/ftp/4.4/unmaintained/4.4-6/source/exiv2_0.25-3.1+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/exiv2_0.25-3.1+deb9u3.dsc @@ -1,3 +1,15 @@ +0.25-3.1+deb9u3 [Sun, 29 Aug 2021 23:12:52 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2021-31291 (Closes: #991705) + The fix for CVE-2021-31291 also required to backport a few patches that + fix some (harmless) CVEs alongside: + - CVE-2019-20421 (Closes: #950183) + - CVE-2021-3482 (Closes: #986888) + - CVE-2021-29457 (Closes: #987277) + - CVE-2021-29473 (Closes: #991705) + * CVE-2021-31292 (Closes: #991706) + 0.25-3.1+deb9u2 [Mon, 15 Jun 2020 18:15:41 -0400] Roberto C. Sanchez <roberto@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/4.4-8/#4074664823673238610>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 004ab98600 Bug #53716: exiv2 0.25-3.1+deb9u3 doc/errata/staging/exiv2.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) [4.4-8] 615413c040 Bug #53716: exiv2 0.25-3.1+deb9u3 doc/errata/staging/exiv2.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1037>