[ubuntu/focal-updates] exiv2 0.27.2-8ubuntu2.4 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Tue May 25 15:28:26 UTC 2021


exiv2 (0.27.2-8ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-29463.patch: Improve bound checking in
      WebPImage::doWriteMetadata() in src/webpimage.cpp.
    - CVE-2021-29463
  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2021-29464.patch: better bounds checking in
      Jp2Image::encodeJp2Header() in src/jp2image.cpp.
    - CVE-2021-29464
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-29473.patch: Add bounds check in
      Jp2Image::doWriteMetadata() in src/jp2image.cpp.
    - CVE-2021-29473
  * SECURITY UPDATE: Leak bytes of stack memory
    - debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error
      conditions of iIo.read() src/webpimage.cpp.
    - CVE-2021-29623
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
      in xmpsdk/src/XMPMeta-Parse.cpp.
    - CVE-2021-32617

Date: 2021-05-24 14:36:09.152669+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/exiv2/0.27.2-8ubuntu2.4
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list