-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Apr 2021 22:40:21 +0200 Source: libimage-exiftool-perl Architecture: source Version: 12.16+dfsg-2 Distribution: unstable Urgency: medium Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org> Changed-By: gregor herrmann <gregoa@debian.org> Closes: 987505 Changes: libimage-exiftool-perl (12.16+dfsg-2) unstable; urgency=medium . * Add patch CVE-2021-22204.patch, taken from upstream release 12.24. The patch fixes CVE-2021-22204: Improper neutralization of user data in the DjVu file format in ExifTool versions 7.44 and up allows arbitrary code execution when parsing the malicious image. Thanks to William Bowling for the bug report on Launchpad. (Closes: #987505) (LP: #1925985) Checksums-Sha1: 4f23c6c05773f00ff901d11dfc1bba4fe937e0f2 2544 libimage-exiftool-perl_12.16+dfsg-2.dsc 6579ec3d099a71a0fa9cf802c282eb4038dae37c 10820 libimage-exiftool-perl_12.16+dfsg-2.debian.tar.xz Checksums-Sha256: 82d15d02941df73061a5a586e2ffd6df993fddccfc17b2fe03ea5a3c70ff18b4 2544 libimage-exiftool-perl_12.16+dfsg-2.dsc 77e40f7694d631b9c53dfd57f4495f1948d71b4cffbe78cac2a52795032c32ed 10820 libimage-exiftool-perl_12.16+dfsg-2.debian.tar.xz Files: a9569666222f953a225b674d2f6d4f2e 2544 perl optional libimage-exiftool-perl_12.16+dfsg-2.dsc 187fe61269d36b2ed864ed186fd70caa 10820 perl optional libimage-exiftool-perl_12.16+dfsg-2.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEE0eExbpOnYKgQTYX6uzpoAYZJqgYFAmCEgp1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEQx RTEzMTZFOTNBNzYwQTgxMDREODVGQUJCM0E2ODAxODY0OUFBMDYACgkQuzpoAYZJ qgbkGxAAseHXRqMHnesVU7PRT91b+BiuW2JIvjVO8DZiPSLpd0vpfZ6pCMOPuBP9 IvtehDuhitizW29T22lky7+yVMOIs+1CIm4L2TjzSVOoHKC2/PoGlU+rdD5DcQ3V f2vjzy22lj9D9CsfGM07cPyLcrcINUwZx/8ni2w9kSgoc8FyvxPtKtFv/ZIRE6bz Xy5a7jSn1ZHA+vjf8GEkoL+PJ2olgjusbLj9Xcoa/KEo6rK+Y+tLEERyVGEdI1gx 5kr86ZUEPHjRYdVIcVrjVtpjs1kEj06FtjXIeYAw5iQbxhqMOBsZJMeFkByXfKoo gfHSFwNpqsIC9GfbJp15WuN69t3VzpVPdzim7eLR/zyFHZLnjI+NHTGmf0QqbL4L xQ0wxpQTx1olBoW5aglz5Ks2JDrwo7G96vEDLrPcgfVWUvVlE/iQSxROUetqSS7x JfzkkfWHdA4xDawxw1Eg7LITQPlv4Q2sBg+Q/ZFR0m3nlm340gfFkhGMzge9eDBG IT479Bx26WRLUpKOhCp+aUr7RC3kmzFf+xtKIQY5mJ6Hne2dmRrHGYU/AD5lqI+2 IYOJY0RGPDYFsc8fMhz6eE2E1BJfdHSMOjyEHszJobqP/Ik2yyNRxbv9dKUquaMH WX4RD3z2+eBfFzNC0qh47aW4f/7qjccTsKuTT3JWaE/krx7+9oU= =oKPh -----END PGP SIGNATURE-----