[Pkg-kde-extras] Bug#914006: exiv2: Please package version 0.27

Richard B. Kreckel kreckel at in.terlu.de
Sat Mar 9 23:20:07 GMT 2019


On Sun, 18 Nov 2018 06:47:43 -0500 Jeremy Bicha <jbicha at debian.org> wrote:
> There is a new exiv2 0.27 RC2 tarball release. Could you look into
> whether it fixes the security issues from 0.26 and would be acceptable
> for unstable?

I just went through all Debian bug reports associated with CVEs.
As far as I can see, upstream has fixed them all in exiv2 0.27.0.

Grave bugs:
#876242 (CVE-2017-12957) <https://github.com/Exiv2/exiv2/issues/60>
#880027 (CVE-2017-14861) <https://github.com/Exiv2/exiv2/issues/139>
#880015 (CVE-2017-14866) <https://github.com/Exiv2/exiv2/issues/140>
#888863 (CVE-2017-1000127) <https://github.com/Exiv2/exiv2/issues/176>
#888864 (CVE-2017-1000126) <https://github.com/Exiv2/exiv2/issues/175>
#888865 (CVE-2017-14865) <https://github.com/Exiv2/exiv2/issues/134>
#888866 (CVE-2017-14863) <https://github.com/Exiv2/exiv2/issues/132>
#888867 (CVE-2017-14860) <https://github.com/Exiv2/exiv2/issues/71>
#888869 (CVE-2017-14857) <https://github.com/Exiv2/exiv2/issues/76>
#888872 (CVE-2017-12956) <https://github.com/Exiv2/exiv2/issues/59>
#888873 (CVE-2017-12955) <https://github.com/Exiv2/exiv2/issues/58>
#888874 (CVE-2017-11553) <https://github.com/Exiv2/exiv2/issues/54>
#894179 (CVE-2018-8977) <https://github.com/Exiv2/exiv2/issues/247>
#903763 (CVE-2018-14046) <https://github.com/Exiv2/exiv2/issues/378>
#912828 (CVE-2018-18915) <https://github.com/Exiv2/exiv2/issues/511>
#915134 (CVE-2018-19607) <https://github.com/Exiv2/exiv2/issues/561>
#923472 (CVE-2019-9143) <https://github.com/Exiv2/exiv2/issues/711>
#923473 (CVE-2019-9144) <https://github.com/Exiv2/exiv2/issues/712>

Important bugs:
#886006 (CVE-2017-17669) <https://github.com/Exiv2/exiv2/issues/187>
#886962 (CVE-2018-4868) <https://github.com/Exiv2/exiv2/issues/202>
#891044 (CVE-2017-17722) <https://github.com/Exiv2/exiv2/issues/208>
#891783 (CVE-2017-17724) <https://github.com/Exiv2/exiv2/issues/210>
#895568 (CVE-2017-11592) <https://github.com/Exiv2/exiv2/issues/56>
#897260 (CVE-2017-1000128) <https://github.com/Exiv2/exiv2/issues/177>
#903813 (CVE-2018-8976) <https://github.com/Exiv2/exiv2/issues/246>
#910060 (CVE-2018-17581) <https://github.com/Exiv2/exiv2/issues/460>
#910909 (CVE-2018-9145) <https://github.com/Exiv2/exiv2/pull/470>
#913272 (CVE-2018-19108) <https://github.com/Exiv2/exiv2/issues/426>
#913273 (CVE-2018-19107) <https://github.com/Exiv2/exiv2/issues/427>
#915135 (CVE-2018-19535) <https://github.com/Exiv2/exiv2/issues/428>
#916081 (CVE-2018-16336) <https://github.com/Exiv2/exiv2/issues/400>

This looks good to me!

  -richy.



More information about the pkg-kde-extras mailing list