[Pkg-phototools-devel] Bug#918730: libexif: CVE-2018-20030: Input validation issue resulting in a denial of service
Moritz Mühlenhoff
jmm at inutil.org
Sun Feb 10 13:24:43 GMT 2019
On Tue, Jan 08, 2019 at 09:36:52PM +0100, Salvatore Bonaccorso wrote:
> Source: libexif
> Version: 0.6.21-5
> Severity: important
> Tags: security upstream
> Control: found -1 0.6.21-2
>
> Hi,
>
> The following vulnerability was published for libexif, for now filling
> primarly for tracking, as there is not much details provided as well
> if searching the cross references to other distros bugtrackers.
>
> CVE-2018-20030[0]:
> Input validation issue resulting in a denial of service
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-20030
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
> [1] https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/
This is fixed in
https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89
Can we go that into buster, please?
Cheers,
Moritz
More information about the Pkg-phototools-devel
mailing list