[Pkg-kde-extras] Update of exiv2 in stretch

[Roberto C. Sánchez]

Hello all,

I wanted to let you know that I have prepared updates of the exiv2
packages for jessie (LTS) and wheezy (ELTS).  The patches that I
prepared applied cleanly to the exiv2 package in stretch.

The stretch packages that I built are here:

https://people.debian.org/~roberto/

I have also attached the DLA text I have published for the jessie
update.  It can serve as the basis of the DSA for stretch, if needed.

If you prefer that I go ahead with uploading the packages that I have
prepared, please let me know.

Regards,

-Roberto

-- 
Roberto C. Sánchez
-------------- next part --------------
From: Roberto C. Sánchez <roberto at debian.org>
To: debian-lts-announce at lists.debian.org
Subject: [SECURITY] [DLA 1402-1] exiv2 security update

Package        : exiv2
Version        : 0.24-4.1+deb8u1
CVE ID         : CVE-2018-10958 CVE-2018-10998 CVE-2018-10999 CVE-2018-11531 
                 CVE-2018-12264 CVE-2018-12265
Debian Bug     : 901706 901707


Several vulnerabilities have been discovered in exiv2, a C++ library and
a command line utility to manage image metadata, resulting in denial of
service, heap-based buffer over-read/overflow, memory exhaustion, and
application crash.

For Debian 8 "Jessie", these problems have been fixed in version
0.24-4.1+deb8u1.

We recommend that you upgrade your exiv2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS