Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 791397

Summary: <media-libs/exiftool-12.26: Vulnerability in lang option
Product: Gentoo Security Reporter: Sam James <sam>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: minor    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ?? [glsa+]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 785667    

Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-22 05:02:00 UTC
"May 20, 2021 - Version 12.26 (production release)
Added support for JPEG Stereo (JPS) images
Added a new Sony LensType (thanks LibRaw)
Added a new PentaxModelID (thanks LibRaw)
Changed ExifTool namespace URI to use exiftool.org instead of exiftool.ca in the -X option output (exiftool.ca is still recognized when reading XML)
Improved handling of large-array warnings in -htmldump output
Changed handling of escaped characters in #[CSTR] lines of -@ argfile
Patched security vulnerability in argument of -lang option
Fixed problem which could cause a "Wide character" warning and generate a corrupted output file when writing some illegal values"
Comment 2 Agostino Sarubbo gentoo-dev 2021-05-27 06:56:01 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2021-05-27 06:57:43 UTC
x86 stable
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-27 19:10:47 UTC
arm64 done
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-27 19:20:22 UTC
ppc64 done
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-27 19:22:32 UTC
ppc done

all arches done
Comment 7 Larry the Git Cow gentoo-dev 2021-05-30 21:01:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b20f7125508f3a30f11bbb08f89ee86ad68d28e

commit 5b20f7125508f3a30f11bbb08f89ee86ad68d28e
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-05-30 20:34:41 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-05-30 21:00:51 +0000

    media-libs/exiftool: Remove old
    
    Bug: https://bugs.gentoo.org/791397
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 media-libs/exiftool/Manifest                       |  1 -
 media-libs/exiftool/exiftool-12.16-r1.ebuild       | 27 -------------------
 .../files/exiftool-12.16-CVE-2021-22204.patch      | 30 ----------------------
 3 files changed, 58 deletions(-)
Comment 8 NATTkA bot gentoo-dev 2021-10-23 15:40:48 UTC
Unable to check for sanity:

> no match for package: media-libs/exiftool-12.26
Comment 9 Andreas K. Hüttel archtester gentoo-dev 2021-10-31 20:10:43 UTC
cleanup done
Comment 10 Larry the Git Cow gentoo-dev 2024-07-24 06:08:46 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=cbb2c6bdcf7c6bcf9d999c22c28ef4eb416b0a51

commit cbb2c6bdcf7c6bcf9d999c22c28ef4eb416b0a51
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-24 06:08:31 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-24 06:08:44 +0000

    [ GLSA 202407-27 ] ExifTool: Multiple vulnerabilities
    
    Bug: https://bugs.gentoo.org/785667
    Bug: https://bugs.gentoo.org/791397
    Bug: https://bugs.gentoo.org/803317
    Bug: https://bugs.gentoo.org/832033
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202407-27.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)