[ubuntu/impish-proposed] exiv2 0.27.3-3ubuntu3 (Accepted)

Leonidas Da Silva Barbosa leo.barbosa at canonical.com
Thu Jul 29 15:39:15 UTC 2021 

exiv2 (0.27.3-3ubuntu3) impish; urgency=medium

  * SECURITY UPDATE: Leak bytes of stack memory
    - debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error
      conditions of iIo.read() src/webpimage.cpp.
    - CVE-2021-29623
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
      in xmpsdk/src/XMPMeta-Parse.cpp.
    - CVE-2021-32617
  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit
      and throw exception in case box is broken in src/jp2image.cpp.
    - CVE-2021-31291

Date: Wed, 28 Jul 2021 11:43:24 -0300
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/exiv2/0.27.3-3ubuntu3
-------------- next part --------------
Format: 1.8
Date: Wed, 28 Jul 2021 11:43:24 -0300
Source: exiv2
Built-For-Profiles: noudeb
Architecture: source
Version: 0.27.3-3ubuntu3
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Changes:
 exiv2 (0.27.3-3ubuntu3) impish; urgency=medium
 .
   * SECURITY UPDATE: Leak bytes of stack memory
     - debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error
       conditions of iIo.read() src/webpimage.cpp.
     - CVE-2021-29623
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
       in xmpsdk/src/XMPMeta-Parse.cpp.
     - CVE-2021-32617
   * SECURITY UPDATE: Buffer Overflow
     - debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit
       and throw exception in case box is broken in src/jp2image.cpp.
     - CVE-2021-31291
Checksums-Sha1:
 6a8c101a6f221c689e6bd2dd7d7a5b01ac7ac0fd 2370 exiv2_0.27.3-3ubuntu3.dsc
 81a378579d30184554f78f9ac22058ce5549e55b 30808 exiv2_0.27.3-3ubuntu3.debian.tar.xz
 ec5a057ea448e523ebae1a4ef71ea1ac47071dbb 10949 exiv2_0.27.3-3ubuntu3_source.buildinfo
Checksums-Sha256:
 ddb5c214c9000525d3edfcc1d2f44e9f86013c49f8cf8bd56170466550685309 2370 exiv2_0.27.3-3ubuntu3.dsc
 5cf096c0211408ac66f1f7bacc80165b239223a64497f4b4307f446f687ef30b 30808 exiv2_0.27.3-3ubuntu3.debian.tar.xz
 e4f1ed5e95af017c57ec47883ccdfee1be4e66ca078f75fea6f934763e43a20a 10949 exiv2_0.27.3-3ubuntu3_source.buildinfo
Files:
 17eeaf46ab4b2d96ca00be0b43f424d8 2370 graphics optional exiv2_0.27.3-3ubuntu3.dsc
 88dc039fa4c1cf145e2120e03fd34ed1 30808 graphics optional exiv2_0.27.3-3ubuntu3.debian.tar.xz
 3b1e8dc2c77c129b7a348371a5ef64d7 10949 graphics optional exiv2_0.27.3-3ubuntu3_source.buildinfo
Original-Maintainer: Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>

More information about the impish-changes mailing list