Attached is a debdiff that fixes CVE-2021-22204 on libimage-exiftool- perl 11.88-1; dch automatically changed the version to 11.88-1ubuntu1.
I simply checked out https://salsa.debian.org/perl-team/modules/packages /libimage-exiftool-perl/-/tree/debian/11.88-1 , cherry-picked https://salsa.debian.org/perl-team/modules/packages/libimage-exiftool- perl/-/commit/0347501fda93cb8366d6451aedcf258b34fb4a2b with the fix, and based the changelog on https://salsa.debian.org/perl- team/modules/packages/libimage-exiftool- perl/-/commit/5f175b3bb7db706cf840d8ee0f292a64e0abfae2 . The changes can be found in my forked project: https://gitlab.com/hugobuddel/libimage-exiftool-perl/-/tree/hb/fix- CVE-2021-22204 It works, and it is a rather simple patch. Yet this is the first time I've ever build an Ubuntu package, so please check. Also, I've added my name to the changelog, even though @gregoa Gregor Herrmann did the actual work, which is credited in the changelog. I don't care about getting credit for this, so feel free to change the changelog. There are also several other Ubuntu versions listed as "Needs triage" on https://ubuntu.com/security/CVE-2021-22204 (21.04, 20.10, 18.04). I don't have those running, so I cannot comment on those. ** Patch added: "patch for CVE-2021-22204" https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+attachment/5503674/+files/libimage-exiftool-perl_11.88-1ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1925985 Title: CVE-2021-22204 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
