Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package exiv2 for openSUSE:Factory checked in at 2022-10-12 18:23:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exiv2 (Old) and /work/SRC/openSUSE:Factory/.exiv2.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exiv2" Wed Oct 12 18:23:54 2022 rev:64 rq:1007902 version:0.27.5 Changes: -------- --- /work/SRC/openSUSE:Factory/exiv2/exiv2.changes 2022-10-03 13:44:16.573285310 +0200 +++ /work/SRC/openSUSE:Factory/.exiv2.new.2275/exiv2.changes 2022-10-12 18:25:02.801717715 +0200 @@ -158 +158,9 @@ -- update to official RC2 tarball release +- update to official RC2 tarball release: + which obsoletes the following patches in previous dists as backports + that have always been upstream: + * obsoletes 0001-PSD-Use-Safe-add-for-preventing-overflows-in-PSD-fil.patch + * obsoletes 0002-PSD-enforce-Length-of-image-resource-section-file-si.patch (CVE-2018-19108, bsc#1115364) + * obsoletes 0001-Fix-561.-Use-proper-counter-for-the-idx-variable.patch (CVE-2018-19607, bsc#1117513) + * obsoletes 0001-Avoid-null-pointer-exception-due-to-NULL-return-valu.patch (bsc#1142684, CVE-2019-13114) + * obsoletes 0001-IptcData-printStructure-Remove-buffer-overrun.patch (bsc#1088424, CVE-2018-9305) + * obsoletes 0001-Fix-SEGV-in-DataValue-Copy.patch (bsc#1109299, CVE-2018-17282) @@ -184,0 +193,4 @@ + * Fixes CVE-2017-9239 (bsc#1040973): null pointer dereference in doWriteImage + * Fixes CVE-2018-17229 (bsc#1109175): (Heap buffer overflow in Exiv2::d2Data) + * Fixes CVE-2018-17230 (bsc#1109176): (heap-based buffer overflow in Exiv2::ul2Data) + * Fixes CVE-2017-1000126 (Stack out of bounds read in webp parser) (bsc#1068873) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
