Following https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue , I can now subscribe ubuntu-security-sponsors :
1. Your patch is in debdiff format It is. 2. The patch follows the security team update procedures. Especially: - targeted against the security pocket of a stable release I think so, but I'm not exactly sure what a "security pocket" is. This is a patch against 20.04 LTS to fix an arbitrary code execution, so it seems appropriate. I've updated the patch to have 'focal-security' as distribution, as described in https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging. - uses the correct version The version 11.88-1ubuntu1 is created by dch, so I'm assuming it is correct. (Maybe it should be 11.88-1ubuntu0.1 ?) - mentions a CVE, and preferably a LP bug #. The diff mentions CVE-2021-22204 and (LP: #1925985), which is this bug. - Check your .changes file to make sure that you have the right revision and distribution I've put 'focal-security' as distribution, which seemed the most appropriate. 3. All changes in the patch are intentional They are. 4. Your patch applies cleanly It does. 5. The Status and Assignment are correct I cannot change the status, but it seems OK. 6. Please comment on the testing performed. I've tested the patched package with echo_vakzz.jpg from https://hackerone.com/reports/1154542 on a development workstation. (So not on a clean Ubuntu installation.) - If all of the above is in order, please subscribe ubuntu-security-sponsors OK. ** Patch added: "update with focal-security as distribution" https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+attachment/5503783/+files/libimage-exiftool-perl_11.88-1ubuntu1.debdiff -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1925985 Title: CVE-2021-22204 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
