[ubuntu/bionic-updates] exiv2 0.25-3.1ubuntu0.18.04.11 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue Aug 17 18:28:23 UTC 2021

exiv2 (0.25-3.1ubuntu0.18.04.11) bionic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-32815-*.patch: adds a check of sizes
      adds msgs prints for DEBUG flags in
    - CVE-2021-32815
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-34334-*.patch: adds
      an extra check to prevent the loop counter from wrapping around in
      crwimage.cpp; changes type of escapeStart to size_t in src/exiv2.cpp;
    - CVE-2021-34334
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-37620-*.patch:
      check that type isn't an empty string in src/values.cpp and
      adds safer vector indexing in multiple files in src/*.
    - CVE-2021-37620
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2021-37622-*.patch: makes sure
      that read is complete to prevent infinite loop and remove redundant
      check in src/jpgimage.cpp.
    - CVE-2021-37622
  * debian/patches/fix_enforce_include.patch: includes enforce in

Date: 2021-08-16 18:02:10.148879+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>