Your message dated Wed, 29 Jan 2020 06:33:23 +0100
with message-id <24803083.LKmzBDn3bR@thyrus>
and subject line Exiv2 bug fixed in 0.27
has caused the Debian Bug report #910909,
regarding exiv2: CVE-2018-9145
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
910909: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910909
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: exiv2
Version: 0.26-1
Severity: important
Tags: patch security upstream
Forwarded: https://github.com/Exiv2/exiv2/pull/470

Hi,

The following vulnerability was published for exiv2, affecting the
*experimental* version (0.26-1).

CVE-2018-9145[0]:
| In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an
| issue exists in the constructor with an initial buffer size. A large
| size value may lead to a SIGABRT during an attempt at memory
| allocation. NOTE: some third parties have been unable to reproduce the
| SIGABRT when using the 4-DataBuf-abort-1 PoC file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-9145
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9145
[1] https://github.com/Exiv2/exiv2/pull/470
[2] https://github.com/Exiv2/exiv2/commit/c03f73268f65c73f9d3d7b670f13e48e92692750

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: exiv2
Source-Version: 0.27.2-1

Hi,

this bug was fixed upstream in Exiv2 0.27. Hence, closing with the
first version uploaded to Debian, 0.27.2-1.

Thanks,
-- 
Pino Toscano



--- End Message ---
_______________________________________________
pkg-kde-extras mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
