[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2750-1] exiv2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-2750-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
August 30, 2021                             https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : exiv2
Version        : 0.25-3.1+deb9u3
CVE ID         : CVE-2019-20421 CVE-2021-3482 CVE-2021-29457
                 CVE-2021-29473 CVE-2021-31291 CVE-2021-31292
Debian Bug     : 950183 986888 987277 991705 991705 991706

Several vulnerabilities have been discovered in Exiv2, a C++ library
and a command line utility to manage image metadata which could result
in denial of service or the execution of arbitrary code if a malformed
file is parsed.

For Debian 9 stretch, these problems have been fixed in version
0.25-3.1+deb9u3.

We recommend that you upgrade your exiv2 packages.

For the detailed security status of exiv2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/exiv2

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmEsSkYACgkQgj6WdgbD
S5YLiA/+L1ZQkvLEskeRcJ4zWSlpvXIG73s88LUt9d+NeelSSp6nh8RtQMv6bp8W
nQ8Gj4LZDdEULy/vFcrc5u3igeCJvSkZhBCU7amEULANYe7t5sz4hhlNenn+JSeZ
6KErHDiML3O3jl03b5CQbfOHnT8RWojyHEU48daNjDMxcEhpWPt9U1ISN+6Gq2rP
AeQ0JTwCSL0N0pafax7vzJ7cwQXW/kdMILs8lVdMcVNUP4Ki9DjBa6LgdQ7CFrfQ
yvkNVO44Hsq6iknkEBTPhM/FudJ5ALv5Gjp+r8ZMbUbc02rlqbjyKFShUrLQwXy8
KaYB/oozScQ2lEG2ZUuKevG1PHot+EU+C7UWv3j16UiADJqhU6sHuZCUSfCUTfcw
vGwDE01Ud7PTeQEd4hLHsNRawBmpktSx12TqvdUQ3oFiZzRuvIo8HAltb/+TfuyB
OtiFJlP3qyAaD5RHXx9iTxrclYzTTJSKtgBsBCnGuVmf3B4aJXRIn+FxuMOiHIAj
+CVUKCJRoPt+Xwf0w8MXBLisL3Y1wbcsdfP5cjB4SB+0L2IxSUXV10MP1Q/9+qf9
fI9qnTOB2VDPYg9lhht7pTAueMdKDUbPwnIHz7TgvnMbfY64B6ceM3Svc5g+kfRL
x06Jo0po8qr5SpJoJ2H5JsufLyWBzmJcGiYbDsVRwqBKDrsnLVM=
=m8sl
-----END PGP SIGNATURE-----


Reply to: