Secunia writes: A vulnerability has been reported in Exiv2, which potentially can be exploited by malicious people to crash an application using the library. The vulnerability is caused due to a floating point exception within the pretty printing functionality when processing certain Nicon camera lens information. This can be exploited to crash an application linked against the Exiv2 library when a image containing specially-crafted metadata is processed. The vulnerability is reported in version 0.16. Other versions may also be affected. Solution: Update to version 0.17. Provided and/or discovered by: Joakim Bildrulle
new version in CVS.
Arches, please test and mark stable: =media-gfx/exiv2-0.17 Target keywords : "alpha amd64 ia64 ppc release sparc x86"
x86 stable
alpha/ia64/sparc stable
ppc stable
amd64 stable
Fixed in release snapshot.
I could not find any daemon applications linking against this library. While I would assume they exist (which would consitute this sec bug), I vote NO for a GLSA.
what rbu said, thus I vote NO.