[ubuntu/groovy-security] exiv2 0.27.3-3ubuntu0.2 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon May 10 18:25:07 UTC 2021

exiv2 (0.27.3-3ubuntu0.2) groovy-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2021-3482-*.patch: fix buffer overflow
      in src/jp2image.cpp and adds tests test/data/poc_1522.jp2,
    - debian/source/include-binaries: add poc_1522.jp2 entry.
    - CVE-2021-3482
  * SECURITY UPDATE: An out of buffer access
    - debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
      (LP: #1923479)
    - CVE-2021-29457
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
      (LP: #1923479)
    - CVE-2021-29458
  * SECURITY UPDATE: Out-of-bounds
    - debian/patches/CVE-2021-29470-*.patch: Add more bound checks in
      Jp2Image::encodeJp2Header and add some tests from/for github.
    - CVE-2021-29470

Date: 2021-04-27 17:36:24.224480+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
-------------- next part --------------
Sorry, changesfile not available.

More information about the Groovy-changes mailing list