Comment 1 Andreas Sturmlechner 2019-07-20 17:47:45 UTC

0.27.2 release is planned for 2019-07-31

Comment 2 Larry the Git Cow 2019-07-21 16:13:41 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a5596fa323540961fec3729e052a75baa88c8954

commit a5596fa323540961fec3729e052a75baa88c8954
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-07-21 15:59:57 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-07-21 16:13:21 +0000

    media-gfx/exiv2: 0.27.2_rc3 version bump for testing
    
    This is the last RC before 0.27.2 release that is planned for 2019-07-31.
    
    Bug: https://bugs.gentoo.org/689642
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-gfx/exiv2/Manifest                |   1 +
 media-gfx/exiv2/exiv2-0.27.2_rc3.ebuild | 103 ++++++++++++++++++++++++++++++++
 2 files changed, 104 insertions(+)

Comment 3 Larry the Git Cow 2019-07-29 18:55:54 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d0e96ba43734040a82ad7b8302da4bf147802ef9

commit d0e96ba43734040a82ad7b8302da4bf147802ef9
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2019-07-29 18:49:26 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2019-07-29 18:55:40 +0000

    media-gfx/exiv2: 0.27.2 version bump
    
    Bug: https://bugs.gentoo.org/689642
    Package-Manager: Portage-2.3.69, Repoman-2.3.16
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 media-gfx/exiv2/Manifest            |   1 +
 media-gfx/exiv2/exiv2-0.27.2.ebuild | 101 ++++++++++++++++++++++++++++++++++++
 2 files changed, 102 insertions(+)

Comment 4 Andreas Sturmlechner 2019-07-29 19:03:04 UTC

Documentation changes only since rc3, arches please stabilise.

Comment 5 Aaron Bauman (RETIRED) 2019-07-29 22:07:02 UTC

arm64 stable

Comment 6 Agostino Sarubbo 2019-07-31 10:54:28 UTC

ppc stable

Comment 7 Agostino Sarubbo 2019-07-31 10:56:10 UTC

ppc64 stable

Comment 8 Agostino Sarubbo 2019-07-31 11:01:21 UTC

amd64 stable

Comment 9 Agostino Sarubbo 2019-07-31 11:08:25 UTC

x86 stable

Comment 10 Agostino Sarubbo 2019-07-31 12:10:15 UTC

alpha stable

Comment 11 Agostino Sarubbo 2019-07-31 13:11:34 UTC

sparc stable

Comment 12 Agostino Sarubbo 2019-07-31 13:13:36 UTC

ia64 stable

Comment 13 Mikle Kolyada (RETIRED) 2019-08-02 08:11:28 UTC

arm stable

Comment 14 John Helmert III 2023-01-15 04:04:19 UTC

CVE-2019-13114 (https://github.com/Exiv2/exiv2/issues/793):

http.c in Exiv2 through 0.27.1 allows a malicious http server to cause a denial of service (crash due to a NULL pointer dereference) by returning a crafted response that lacks a space character.

Comment 15 John Helmert III 2023-01-15 04:04:51 UTC

CVE-2018-20097 (https://lists.debian.org/debian-lts-announce/2019/02/msg00038.html):

There is a SEGV in Exiv2::Internal::TiffParserWorker::findPrimaryGroups of tiffimage_int.cpp in Exiv2 0.27-RC3. A crafted input will lead to a remote denial of service attack.

Comment 16 John Helmert III 2023-11-21 01:13:35 UTC

CVE-2020-18831 (https://github.com/Exiv2/exiv2/issues/828):

Buffer Overflow vulnerability in tEXtToDataBuf function in pngimage.cpp in Exiv2 0.27.1 allows remote attackers to cause a denial of service and other unspecified impacts via use of crafted file.