[ubuntu/groovy-security] exiv2 0.27.3-3ubuntu0.4 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Tue May 25 14:45:56 UTC 2021

exiv2 (0.27.3-3ubuntu0.4) groovy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-29463.patch: Improve bound checking in
      WebPImage::doWriteMetadata() in src/webpimage.cpp.
    - CVE-2021-29463
  * SECURITY UPDATE: Heap buffer overflow
    - debian/patches/CVE-2021-29464.patch: better bounds checking in
      Jp2Image::encodeJp2Header() in src/jp2image.cpp.
    - CVE-2021-29464
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-29473.patch: Add bounds check in
      Jp2Image::doWriteMetadata() in src/jp2image.cpp.
    - CVE-2021-29473
  * SECURITY UPDATE: Leak bytes of stack memory
    - debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error
      conditions of iIo.read() src/webpimage.cpp.
    - CVE-2021-29623
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
      in xmpsdk/src/XMPMeta-Parse.cpp.
    - CVE-2021-32617

Date: 2021-05-24 13:50:09.462222+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
-------------- next part --------------
Sorry, changesfile not available.

More information about the Groovy-changes mailing list