Format: 1.8
Date: Mon, 26 Apr 2021 15:53:25 +0200
Source: libimage-exiftool-perl
Architecture: source
Version: 11.16-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 987505
Changes:
 libimage-exiftool-perl (11.16-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ gregor herrmann ]
   * Add patch CVE-2021-22204.patch, taken from upstream release 12.24.
     The patch fixes CVE-2021-22204: Improper neutralization of user data
     in the DjVu file format in ExifTool versions 7.44 and up allows
     arbitrary code execution when parsing the malicious image.
     Thanks to William Bowling for the bug report on Launchpad.
     (Closes: #987505) (LP: #1925985)
Checksums-Sha1:
 62ecb750ecde79326c756f5a663338ed54ee9f86 2423 libimage-exiftool-perl_11.16-1+deb10u1.dsc
 b429c3e99b6682f0fbadc54357ab4221f6ed994a 4483254 libimage-exiftool-perl_11.16.orig.tar.gz
 49962a726a4f79dc7d2f8ecd71c483ed8ca190c5 8840 libimage-exiftool-perl_11.16-1+deb10u1.debian.tar.xz
Checksums-Sha256:
 ba1e042212572bc3a784fc9c8fa0aed324b5371dbb1d0b7a3584a9d1d9c786b4 2423 libimage-exiftool-perl_11.16-1+deb10u1.dsc
 0440342f76099a6773cf9d65d5762be5fd16775f652a562bb127d39a409526c9 4483254 libimage-exiftool-perl_11.16.orig.tar.gz
 da80c43f923d4f6f88d084437d44a42681daa43d2d23b154a2313ed641c119d0 8840 libimage-exiftool-perl_11.16-1+deb10u1.debian.tar.xz
Files:
 e10142ade56f7b7db6d4829b618848cc 2423 perl optional libimage-exiftool-perl_11.16-1+deb10u1.dsc
 5632fb98b70965808a38ae68417bb160 4483254 perl optional libimage-exiftool-perl_11.16.orig.tar.gz
 7a6ff35d970f7968496b5ef496df2f9a 8840 perl optional libimage-exiftool-perl_11.16-1+deb10u1.debian.tar.xz