pkg-perl-maintainers team mailing list archive

Thread
Date

[Bug 1925985] Re: CVE-2021-22204

To: pkg-perl-maintainers@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1925985@xxxxxxxxxxxxxxxxxx>
Date: Tue, 04 May 2021 11:04:38 -0000
Reply-to: Bug 1925985 <1925985@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package libimage-exiftool-perl - 12.16+dfsg-2

---------------
libimage-exiftool-perl (12.16+dfsg-2) unstable; urgency=medium

  * Add patch CVE-2021-22204.patch, taken from upstream release 12.24.
    The patch fixes CVE-2021-22204: Improper neutralization of user data in
    the DjVu file format in ExifTool versions 7.44 and up allows arbitrary
    code execution when parsing the malicious image.
    Thanks to William Bowling for the bug report on Launchpad.
    (Closes: #987505) (LP: #1925985)

 -- gregor herrmann <gregoa@xxxxxxxxxx>  Sat, 24 Apr 2021 22:40:21 +0200

** Changed in: libimage-exiftool-perl (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libimage-exiftool-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1925985

Title:
  CVE-2021-22204

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions

References

[Bug 1925985] [NEW] CVE-2021-22204
From: William Bowling, 2021-04-24