pkg-perl-maintainers team mailing list archive
Message #04183
[Bug 1925985] Re: CVE-2021-22204
Attached is a debdiff that fixes CVE-2021-22204 on libimage-exiftool-perl
11.88-1; dch automatically changed the version to 11.88-1ubuntu1.
I simply checked out
https://salsa.debian.org/perl-team/modules/packages/libimage-exiftool-perl/-/tree/debian/11.88-1 ,
cherry-picked
https://salsa.debian.org/perl-team/modules/packages/libimage-exiftool-perl/-/commit/0347501fda93cb8366d6451aedcf258b34fb4a2b
with the fix, and based the changelog on
https://salsa.debian.org/perl-team/modules/packages/libimage-exiftool-perl/-/commit/5f175b3bb7db706cf840d8ee0f292a64e0abfae2 .
The changes can be found in my forked project:
https://gitlab.com/hugobuddel/libimage-exiftool-perl/-/tree/hb/fix-CVE-2021-22204
It works, and it is a rather simple patch. Yet this is the first time
I've ever built an Ubuntu package, so please check.
Also, I've added my name to the changelog, even though @gregoa Gregor
Herrmann did the actual work, which is credited in the changelog. I
don't care about getting credit for this, so feel free to change the
changelog.
There are also several other Ubuntu versions listed as "Needs triage" on
https://ubuntu.com/security/CVE-2021-22204 (21.04, 20.10, 18.04). I
don't have those running, so I cannot comment on those.
** Patch added: "patch for CVE-2021-22204"
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+attachment/5503674/+files/libimage-exiftool-perl_11.88-1ubuntu1.debdiff
--
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libimage-exiftool-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1925985
Title:
CVE-2021-22204