Your message dated Sun, 08 Aug 2021 10:03:29 +0000
with message-id <e1mcfet-00050o...@fasolo.debian.org>
and subject line Bug#991706: fixed in exiv2 0.27.3-3+deb11u1
has caused the Debian Bug report #991706,
regarding exiv2: CVE-2021-31292
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
991706: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991706
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: exiv2
Version: 0.27.3-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/Exiv2/exiv2/issues/1530
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for exiv2.

CVE-2021-31292[0]:
| An integer overflow in CrwMap::encode0x1810 of Exiv2 0.27.3 allows
| attackers to trigger a heap-based buffer overflow and cause a denial
| of service (DOS) via crafted metadata.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31292
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31292
[1] https://github.com/Exiv2/exiv2/issues/1530

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: exiv2
Source-Version: 0.27.3-3+deb11u1
Done: Moritz Muehlenhoff <j...@debian.org>
We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Muehlenhoff <j...@debian.org> (supplier of updated exiv2 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 06 Aug 2021 10:57:42 +0200
Source: exiv2
Architecture: source
Version: 0.27.3-3+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian KDE Extras Team <pkg-kde-ext...@lists.alioth.debian.org>
Changed-By: Moritz Muehlenhoff <j...@debian.org>
Closes: 991705 991706
Changes:
 exiv2 (0.27.3-3+deb11u1) bullseye-security; urgency=medium
 .
   * CVE-2021-31291 (Closes: #991705)
   * CVE-2021-31292 (Closes: #991706)
--- End Message ---