What are thoughts on applying this version bump to older supported
releases? https://libexif.github.io/ states:
stability / bugfix / security release fixes CVE-2018-20030,
CVE-2020-13114, CVE-2020-13113, CVE-2020-13112, CVE-2020-0093,
CVE-2019-9278, CVE-2020-12767, CVE-2016-6328, CVE-2017-7544,
I
On 5/27/20 3:59 AM, Alexander Kanavin wrote:
Hardcoding the split version components isn't great (and breaks
automated updates), I have a patch queued that does this better:
Works for me.
Thanks!
Hardcoding the split version components isn't great (and breaks automated
updates), I have a patch queued that does this better:
http://git.yoctoproject.org/cgit/cgit.cgi/poky-contrib/commit/?h=akanavin/package-version-updates=314af89080317673cf91e24537b2e0d9b36747c2
Specifically:
def
Updated libexif to 0.6.22, but needed to change to GitHub as a source,
since SourceForge does not yet have 0.6.22 version. The new version
includes the fixes for the three patch files that have been removed,
as well as other severe CVEs.
CVE: CVE-2018-20030
CVE: CVE-2020-13114
CVE: CVE-2020-13113
