*** This bug is a security vulnerability *** Public security bug reported:
Hello, Please consider demoting exiv2 to universe. http://dev.exiv2.org/issues/1248 The upstream author appears overwhelmed with the task of hardening exiv2 for use against untrusted inputs and thus far (~nine months) no users have provided the project with patches against known issues. $ reverse-depends src:exiv2 Reverse-Recommends ================== * geeqie (for exiv2) Reverse-Depends =============== * cameraplugin-aal [amd64 arm64 armhf i386] (for libexiv2-14) * darktable [amd64 arm64] (for libexiv2-14) * decopy (for exiv2) * digikam-private-libs (for libexiv2-14) * ffdiaporama (for libexiv2-14) * forensics-extra (for exiv2) * gallery-app (for libexiv2-14) * geeqie (for libexiv2-14) * gimp-lensfun (for libexiv2-14) * gimp-ufraw (for libexiv2-14) * gnome-color-manager (for libexiv2-14) * gnome-commander (for libexiv2-14) * gpscorrelate (for libexiv2-14) * gpscorrelate-gui (for libexiv2-14) * gthumb (for libexiv2-14) * gwenview (for libexiv2-14) * hugin (for libexiv2-14) * hugin-tools (for libexiv2-14) * kde-runtime (for libexiv2-14) * kio-extras (for libexiv2-14) * kphotoalbum (for libexiv2-14) * krename (for libexiv2-14) * krita [amd64 i386 ppc64el s390x] (for libexiv2-14) * libextractor3 (for libexiv2-14) * libgexiv2-2 (for libexiv2-14) * libgexiv2-dev (for libexiv2-dev) * libkexiv2-11v5 (for libexiv2-14) * libkf5filemetadata-bin (for libexiv2-14) * libkf5kexiv2-15.0.0 (for libexiv2-14) * libkfilemetadata4 (for libexiv2-14) * libmyth-0.28-0 (for libexiv2-14) * libnomacsloader3 (for libexiv2-14) * libstreamanalyzer0v5 (for libexiv2-14) * luminance-hdr (for libexiv2-14) * merkaartor (for libexiv2-14) * pdf2djvu (for libexiv2-14) * phototonic (for libexiv2-14) * pinot (for libexiv2-14) * python-pyexiv2 (for libexiv2-14) * qtdeclarative5-ubuntu-ui-extras0.2 (for libexiv2-14) * rapid-photo-downloader (for exiv2) * ufraw (for libexiv2-14) * ufraw-batch (for libexiv2-14) * viewnior (for libexiv2-14) Thanks ** Affects: exiv2 (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to exiv2 in Ubuntu. https://bugs.launchpad.net/bugs/1706471 Title: please demote exiv2 to universe Status in exiv2 package in Ubuntu: New Bug description: Hello, Please consider demoting exiv2 to universe. http://dev.exiv2.org/issues/1248 The upstream author appears overwhelmed with the task of hardening exiv2 for use against untrusted inputs and thus far (~nine months) no users have provided the project with patches against known issues. $ reverse-depends src:exiv2 Reverse-Recommends ================== * geeqie (for exiv2) Reverse-Depends =============== * cameraplugin-aal [amd64 arm64 armhf i386] (for libexiv2-14) * darktable [amd64 arm64] (for libexiv2-14) * decopy (for exiv2) * digikam-private-libs (for libexiv2-14) * ffdiaporama (for libexiv2-14) * forensics-extra (for exiv2) * gallery-app (for libexiv2-14) * geeqie (for libexiv2-14) * gimp-lensfun (for libexiv2-14) * gimp-ufraw (for libexiv2-14) * gnome-color-manager (for libexiv2-14) * gnome-commander (for libexiv2-14) * gpscorrelate (for libexiv2-14) * gpscorrelate-gui (for libexiv2-14) * gthumb (for libexiv2-14) * gwenview (for libexiv2-14) * hugin (for libexiv2-14) * hugin-tools (for libexiv2-14) * kde-runtime (for libexiv2-14) * kio-extras (for libexiv2-14) * kphotoalbum (for libexiv2-14) * krename (for libexiv2-14) * krita [amd64 i386 ppc64el s390x] (for libexiv2-14) * libextractor3 (for libexiv2-14) * libgexiv2-2 (for libexiv2-14) * libgexiv2-dev (for libexiv2-dev) * libkexiv2-11v5 (for libexiv2-14) * libkf5filemetadata-bin (for libexiv2-14) * libkf5kexiv2-15.0.0 (for libexiv2-14) * libkfilemetadata4 (for libexiv2-14) * libmyth-0.28-0 (for libexiv2-14) * libnomacsloader3 (for libexiv2-14) * libstreamanalyzer0v5 (for libexiv2-14) * luminance-hdr (for libexiv2-14) * merkaartor (for libexiv2-14) * pdf2djvu (for libexiv2-14) * phototonic (for libexiv2-14) * pinot (for libexiv2-14) * python-pyexiv2 (for libexiv2-14) * qtdeclarative5-ubuntu-ui-extras0.2 (for libexiv2-14) * rapid-photo-downloader (for exiv2) * ufraw (for libexiv2-14) * ufraw-batch (for libexiv2-14) * viewnior (for libexiv2-14) Thanks To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1706471/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
