On Sun, 18 Nov 2018 06:47:43 -0500 Jeremy Bicha <jbi...@debian.org> wrote: > There is a new exiv2 0.27 RC2 tarball release. Could you look into > whether it fixes the security issues from 0.26 and would be acceptable > for unstable?
I just went through all Debian bug reports associated with CVEs. As far as I can see, upstream has fixed them all in exiv2 0.27.0. Grave bugs: #876242 (CVE-2017-12957) <https://github.com/Exiv2/exiv2/issues/60> #880027 (CVE-2017-14861) <https://github.com/Exiv2/exiv2/issues/139> #880015 (CVE-2017-14866) <https://github.com/Exiv2/exiv2/issues/140> #888863 (CVE-2017-1000127) <https://github.com/Exiv2/exiv2/issues/176> #888864 (CVE-2017-1000126) <https://github.com/Exiv2/exiv2/issues/175> #888865 (CVE-2017-14865) <https://github.com/Exiv2/exiv2/issues/134> #888866 (CVE-2017-14863) <https://github.com/Exiv2/exiv2/issues/132> #888867 (CVE-2017-14860) <https://github.com/Exiv2/exiv2/issues/71> #888869 (CVE-2017-14857) <https://github.com/Exiv2/exiv2/issues/76> #888872 (CVE-2017-12956) <https://github.com/Exiv2/exiv2/issues/59> #888873 (CVE-2017-12955) <https://github.com/Exiv2/exiv2/issues/58> #888874 (CVE-2017-11553) <https://github.com/Exiv2/exiv2/issues/54> #894179 (CVE-2018-8977) <https://github.com/Exiv2/exiv2/issues/247> #903763 (CVE-2018-14046) <https://github.com/Exiv2/exiv2/issues/378> #912828 (CVE-2018-18915) <https://github.com/Exiv2/exiv2/issues/511> #915134 (CVE-2018-19607) <https://github.com/Exiv2/exiv2/issues/561> #923472 (CVE-2019-9143) <https://github.com/Exiv2/exiv2/issues/711> #923473 (CVE-2019-9144) <https://github.com/Exiv2/exiv2/issues/712> Important bugs: #886006 (CVE-2017-17669) <https://github.com/Exiv2/exiv2/issues/187> #886962 (CVE-2018-4868) <https://github.com/Exiv2/exiv2/issues/202> #891044 (CVE-2017-17722) <https://github.com/Exiv2/exiv2/issues/208> #891783 (CVE-2017-17724) <https://github.com/Exiv2/exiv2/issues/210> #895568 (CVE-2017-11592) <https://github.com/Exiv2/exiv2/issues/56> #897260 (CVE-2017-1000128) <https://github.com/Exiv2/exiv2/issues/177> #903813 (CVE-2018-8976) <https://github.com/Exiv2/exiv2/issues/246> #910060 (CVE-2018-17581) <https://github.com/Exiv2/exiv2/issues/460> #910909 (CVE-2018-9145) <https://github.com/Exiv2/exiv2/pull/470> #913272 (CVE-2018-19108) <https://github.com/Exiv2/exiv2/issues/426> #913273 (CVE-2018-19107) <https://github.com/Exiv2/exiv2/issues/427> #915135 (CVE-2018-19535) <https://github.com/Exiv2/exiv2/issues/428> #916081 (CVE-2018-16336) <https://github.com/Exiv2/exiv2/issues/400> This looks good to me! -richy.
