#15052 closed enhancement (fixed)
exiv2-0.27.3 security fixes.
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.0 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
Today on lwn.net I noticed that fedora had patched exiv2 for 5 CVEs (two heap-based buffer overflows, three out of bounds reads). NVD rates three as medium, one as low, but one as high - both the low and the high severity require writing the metadata, which is not a common operation.
The patches have been applied to the 0.27 maintenance branch, but although at least one of the CVEs said it has been fixed in 0.27.4 that has not yet been released.
Change History (5)
comment:1 by , 3 years ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 3 years ago
comment:3 by , 3 years ago
Fixed in @f7c3c7b36675e94308470bd32efcaf935504d52e
Security Advisory 10.1-046.
comment:4 by , 3 years ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Note:
See TracTickets
for help on using tickets.
Replying to ken@…:
Yes, we wonder why a new release has not been made. The last release was 2020-06-30.