Your message dated Wed, 06 Oct 2021 19:18:35 +0000
with message-id <e1mycr1-000bk4...@fasolo.debian.org>
and subject line Bug#991705: fixed in exiv2 0.27.3-3.1
has caused the Debian Bug report #991705,
regarding exiv2: CVE-2021-29457
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
991705: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991705
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: exiv2
Version: 0.27.3-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/Exiv2/exiv2/issues/1529
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for exiv2.

CVE-2021-31291[0]:
| A heap-based buffer overflow vulnerability in jp2image.cpp of Exiv2
| 0.27.3 allows attackers to cause a denial of service (DOS) via crafted
| metadata.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-31291
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31291
[1] https://github.com/Exiv2/exiv2/issues/1529

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: exiv2
Source-Version: 0.27.3-3.1
Done: Salvatore Bonaccorso <car...@debian.org>

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 991...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 04 Oct 2021 20:56:31 +0200
Source: exiv2
Architecture: source
Version: 0.27.3-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <pkg-kde-ext...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 991705 991706
Changes:
 exiv2 (0.27.3-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Upload changes from 0.27.3-3+deb11u1 to unstable to make sure the version
     in unstable is higher than the bullseye-security upload and including the
     needed CVE fixes.
 .
 exiv2 (0.27.3-3+deb11u1) bullseye-security; urgency=medium
 .
   * CVE-2021-31291 (Closes: #991705)
   * CVE-2021-31292 (Closes: #991706)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
