[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1855-1] exiv2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : exiv2
Version        : 0.24-4.1+deb8u4
CVE ID         : CVE-2019-13504

It was discovered that there was an integer overflow vulnerability
in exiv2, a tool to manipulate images containing (eg.) EXIF metadata.

This could have resulted in a denial of service via a specially-
crafted file. 

For Debian 8 "Jessie", this issue has been fixed in exiv2 version
0.24-4.1+deb8u4.

We recommend that you upgrade your exiv2 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl0xziUACgkQHpU+J9Qx
HliWoA/+I0ruFG93iq5pfTtYyHU5BqGsSLCH3qk1nUv07XLsh+wo606YvTp9fhd8
daI4GtqbJik2b4m1R8PRFlQCd6adnYlRhKUYDfVmO4LekOWEEGhmEzJTBHiMNeKx
jixUB7J5tTwWGUUijN5M70eELmFXBK9Cid1yXa5rHPJkMdwlovlZpcX6RXQMIBMQ
GRxfqYXvSTcXX6OjuY4yuk65w3pj4AEfzYN5wIq/Pq9MoDH34pFL1gF8e4mAoeQg
y5/k1m2oCg5YthyAhJnJ52ZkS1Q+ANKbpGITnOYqTGGEQV40wycG52l3zq66qkL1
R3HhXXXICrvWkvmmBxQWDAlpL/OqcuzALUuQ/4cxKlvrLTPzmTgtDIfdjxwQSYeN
qvBJ8Xb4yhUnJ8o6lj7LyWpMlGSsTG5Oy/hzUTOl00r18xoiQZLZLMHEib44VfXu
98iBf/BOC19KLasIu8/2kJDee1IZmM9zi5qGRmBa6I+EHkdmFjgCGZHtSy0xLgzl
hGjSYXNc49p8dpqX7124MucfRTXziW4POoK/ryECIRuIaUWoINRs5rKaSwIEZ0xB
LNDl18Abgx5fENwSfFYavb8UnD/V4dYUNO5kvewZeHHhS+ZX2JgiTjRRnl1dYw4K
dQoyNE7214IKgnx8qwdCkYOSD8Dvq/t3wUAp8aZhro7SaVjYAig=
=tr3A
-----END PGP SIGNATURE-----


Reply to: