pkg-perl-maintainers team mailing list archive
Message #04184
[Bug 1925985] Re: CVE-2021-22204
Following https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue , I can now
subscribe ubuntu-security-sponsors:

1. Your patch is in debdiff format

It is.

2. The patch follows the security team update procedures. Especially:

- targeted against the security pocket of a stable release

I think so, but I'm not exactly sure what a "security pocket" is. This
is a patch against 20.04 LTS to fix an arbitrary code execution, so it
seems appropriate.

I've updated the patch to have 'focal-security' as distribution, as
described in
https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation#Packaging.

- uses the correct version

The version 11.88-1ubuntu1 is created by dch, so I'm assuming it is
correct. (Maybe it should be 11.88-1ubuntu0.1 ?)

- mentions a CVE, and preferably a LP bug #.

The diff mentions CVE-2021-22204 and (LP: #1925985), which is this bug.

- Check your .changes file to make sure that you have the right revision
and distribution

I've put 'focal-security' as distribution, which seemed the most
appropriate.

3. All changes in the patch are intentional

They are.

4. Your patch applies cleanly

It does.

5. The Status and Assignment are correct

I cannot change the status, but it seems OK.

6. Please comment on the testing performed.

I've tested the patched package with echo_vakzz.jpg from
https://hackerone.com/reports/1154542 on a development workstation. (So
not on a clean Ubuntu installation.)

- If all of the above is in order, please subscribe ubuntu-security-sponsors

OK.
** Patch added: "update with focal-security as distribution"
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+attachment/5503783/+files/libimage-exiftool-perl_11.88-1ubuntu1.debdiff
--
You received this bug notification because you are a member of Debian
Perl Group, which is subscribed to libimage-exiftool-perl in Ubuntu.
https://bugs.launchpad.net/bugs/1925985
Title:
CVE-2021-22204
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libimage-exiftool-perl/+bug/1925985/+subscriptions