On Tue, Jan 08, 2019 at 09:36:52PM +0100, Salvatore Bonaccorso wrote:
> Source: libexif
> Version: 0.6.21-5
> Severity: important
> Tags: security upstream
> Control: found -1 0.6.21-2
>
> Hi,
>
> The following vulnerability was published for libexif, for now filing
> primarily for tracking, as there are not many details provided as well
> if searching the cross references to other distros bugtrackers.
>
> CVE-2018-20030[0]:
> Input validation issue resulting in a denial of service
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2018-20030
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20030
> [1] https://secuniaresearch.flexerasoftware.com/secunia_research/2018-28/

This is fixed in
https://github.com/libexif/libexif/commit/6aa11df549114ebda520dde4cdaea2f9357b2c89

Can we get that into buster, please?

Cheers,
Moritz