pkg-perl-maintainers team mailing list archive

Thread
Date

[Bug 1925985] Re: CVE-2021-22204

To: pkg-perl-maintainers@xxxxxxxxxxxxxxxxxxx
From: Hugo Buddelmeijer <1925985@xxxxxxxxxxxxxxxxxx>
Date: Tue, 08 Jun 2021 07:49:36 -0000
Reply-to: Bug 1925985 <1925985@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

The status of this bug says "Fix Released". How can one install this
released fix on Ubuntu 20.04.2 LTS (Focal Fossa)?

The publicly available proof of concept arbitrary code execution on
hackerone [1] works as-is on the latest exiftool (11.88-1) in the focal
repositories. This makes it a security risk to run exiftool.

[1] https://hackerone.com/reports/1154542

-- 
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libimage-exiftool-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1925985

Title:
  CVE-2021-22204

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions

References

[Bug 1925985] [NEW] CVE-2021-22204
From: William Bowling, 2021-04-24