Description: "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image" Fixed in 12.24. Please bump.
@perl if you can try to look at this soon?
exiftool-12.25 is available upstream and compiles as expected.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6d7a897605b349d4f2c8e87907876b42e99f8ffa

commit 6d7a897605b349d4f2c8e87907876b42e99f8ffa
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-03 13:57:33 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-03 13:57:33 +0000

    media-libs/exiftool: fix CVE-2021-22204

    Bug: https://bugs.gentoo.org/785667
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-libs/exiftool/exiftool-12.16-r1.ebuild       | 27 +++++++++++++++++++
 .../files/exiftool-12.16-CVE-2021-22204.patch      | 30 ++++++++++++++++++++++
 2 files changed, 57 insertions(+)
ppc done
amd64 done
x86 done
ppc64 stable
arm64 done
all arches done
Please clean up
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe715cdbd52629a1deb0f8cf83206c54a5fc92b4

commit fe715cdbd52629a1deb0f8cf83206c54a5fc92b4
Author:     Andreas K. Hüttel <dilfridge@gentoo.org>
AuthorDate: 2021-05-13 13:48:20 +0000
Commit:     Andreas K. Hüttel <dilfridge@gentoo.org>
CommitDate: 2021-05-13 13:48:20 +0000

    media-libs/exiftool: Remove old

    Bug: https://bugs.gentoo.org/785667
    Package-Manager: Portage-3.0.18, Repoman-3.0.2
    Signed-off-by: Andreas K. Hüttel <dilfridge@gentoo.org>

 media-libs/exiftool/Manifest              |  1 -
 media-libs/exiftool/exiftool-12.08.ebuild | 25 -------------------------
 media-libs/exiftool/exiftool-12.16.ebuild | 25 -------------------------
 3 files changed, 51 deletions(-)
Gone from the tree.
Unable to check for sanity:
> no match for package: media-libs/exiftool-12.16-r1
GLSA request filed.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=cbb2c6bdcf7c6bcf9d999c22c28ef4eb416b0a51

commit cbb2c6bdcf7c6bcf9d999c22c28ef4eb416b0a51
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-07-24 06:08:31 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-07-24 06:08:44 +0000

    [ GLSA 202407-27 ] ExifTool: Multiple vulnerabilities

    Bug: https://bugs.gentoo.org/785667
    Bug: https://bugs.gentoo.org/791397
    Bug: https://bugs.gentoo.org/803317
    Bug: https://bugs.gentoo.org/832033
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202407-27.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)