[ubuntu/questing-security] exiv2 0.28.5+dfsg-1ubuntu0.1 (Accepted)
Bruce Cable
bruce.cable at canonical.com
Wed Mar 18 02:45:30 UTC 2026
exiv2 (0.28.5+dfsg-1ubuntu0.1) questing-security; urgency=medium
* SECURITY UPDATE: Out of Bounds Read
- debian/patches/CVE-2026-25884.patch: Fix out-of-bounds read
- debian/patches/CVE-2026-27596.patch: Check for integer overflow.
- CVE-2026-25884
- CVE-2026-27596
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2025-54080.patch: Better bounds checking
- debian/patches/CVE-2026-27631.patch: Check for integer overflow
- debian/patches/CVE-2025-55304-1.patch: Add new method
appendIccProfile to fix quadratic performance issue
- debian/patches/CVE-2025-55304-2.patch: Fix docstring
- CVE-2025-54080
- CVE-2026-27631
- CVE-2025-55304
Date: 2026-03-16 01:58:21.090863+00:00
Changed-By: Bruce Cable <bruce.cable at canonical.com>
https://launchpad.net/ubuntu/+source/exiv2/0.28.5+dfsg-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list