Package: libimage-exiftool-perl Version: 7.89-1 Severity: serious Tags: security upstream patch fixed-upstream X-Debbugs-Cc: Debian Security Team <[email protected]>
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22204 "Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image" Fixed upstream in 12.24: https://github.com/exiftool/exiftool/commit/cf0f4e7dcd024ca99615bfd1102a841a25dde031#diff-fa0d652d10dbcd246e6b1df16c1e992931d3bb717a7e36157596b76bdadb3800 Also https://bugs.launchpad.net/bugs/1925985 -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmCEfodfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgao/w/9HH5DAYC64RkvniKlsDE3N5dOFDl6lNZ2uVZUadZjkMEHCFqhmjsYc0Tf y04N09lM1cZcTi4k1czgdcwXE9IwOHmiSK/fBRsreFfBDGRQ26K9OEZ6yQ5mLXJT d5H3oWCKBQQnGOVb21iqIsB93H+9V1+htbBxPPLNT9ZR8QU0mJlttr2pdLDB/k0Z oajD5ZBd4b5MAHKND0XJQhD0mN93D8PDekvsFOD7waXFuUGvYeyQTD6XmFVM7liw pP4ZxabO9Dnd7r0O2vbGjQ52H5BEVehc0nChLrStE3nLzdpFjdG/Ksop3/b/4Mc+ iHEk0EcPWgS41qjyWm1InNek7RHaYEO74hUJ6KCUnHhO/goGj4yq6h1htE0GVree nrnVtX+cxkp8utZXC7vYoGe31iRz3GDI/MZ/+yd3NZF4xJqIAud/tJREqvJirmbJ QbtkwprmP4EX0OTbCnJAtTeRl9Crg2TlzQ7h89dEVR1yuG+9EZFxMT9m6hHmxdph G3YZ1UilJqyX45J+xPCXCriuK+O3y1uszfECOliZhGs1jbyBOXXN5Q5timrbJZnr 1KCtGHsjknOujO/gYqPwb/u/XkWBkdZ24dromBXqHV7lsycHARR0v0DkpcwhiNqE b3x5mTAvmN1L4QxvfNzRsLUXOVNjjbA3ekG0zsTcApLTvxOrHM8= =VnEt -----END PGP SIGNATURE-----
