-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 06 Aug 2021 11:46:33 +0200 Source: exiv2 Binary: exiv2 exiv2-dbgsym libexiv2-14 libexiv2-14-dbgsym libexiv2-dev libexiv2-doc Architecture: source amd64 all Version: 0.25-4+deb10u2 Distribution: buster-security Urgency: medium Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Changed-By: Moritz Mühlenhoff <jmm@debian.org> Description: exiv2 - EXIF/IPTC/XMP metadata manipulation tool libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation Closes: 950183 986888 987277 991705 991706 Changes: exiv2 (0.25-4+deb10u2) buster-security; urgency=medium . * CVE-2021-31291 (Closes: #991705) The fix for CVE-2021-31291 also required to backport a few patches that fix some (harmless) CVEs alongside: - CVE-2019-20421 (Closes: #950183) - CVE-2021-3482 (Closes: #986888) - CVE-2021-29457 (Closes: #987277) - CVE-2021-29473 (Closes: #991705) * CVE-2021-31292 (Closes: #991706) Checksums-Sha1: 20fe91053ed189f21c61cece1801e599131e017c 2269 exiv2_0.25-4+deb10u2.dsc adb8ffe63916e7c27bda9792e690d1330ec7273d 5434325 exiv2_0.25.orig.tar.gz 44f6e83f5bb1a770ecaa12850eec38dd593aa10f 30956 exiv2_0.25-4+deb10u2.debian.tar.xz e7475432b51b041a116fe5e937b8454f10e7aabb 775632 exiv2-dbgsym_0.25-4+deb10u2_amd64.deb ad766cb67ffdd91dc439c388baf9c1752bdedefe 9565 exiv2_0.25-4+deb10u2_amd64.buildinfo e9b0c3d94d9a7606194ff8f5bbc8892db6c58edd 107560 exiv2_0.25-4+deb10u2_amd64.deb d58f725ed3373b935a40b4828ec61d83676cc231 8149720 libexiv2-14-dbgsym_0.25-4+deb10u2_amd64.deb 4fb1c86964b11fe1cecf1fa579cbc423402edb1a 698600 libexiv2-14_0.25-4+deb10u2_amd64.deb 31e86150890f2a53115edb24a5bb1c0e644c8e90 1556576 libexiv2-dev_0.25-4+deb10u2_amd64.deb 61399578f80ffb19c257105b66a00e997b6a1508 20850276 libexiv2-doc_0.25-4+deb10u2_all.deb Checksums-Sha256: 388d7495dca737428054c63e3ba90a05e324c28578c5787f2ff3519ba128c5fc 2269 exiv2_0.25-4+deb10u2.dsc c80bfc778a15fdb06f71265db2c3d49d8493c382e516cb99b8c9f9cbde36efa4 5434325 exiv2_0.25.orig.tar.gz 0f22655ad499876c1b52f3cfb3dfc377f1ea76e1b5e7ee5820fafef934abfc1c 30956 exiv2_0.25-4+deb10u2.debian.tar.xz 5718d821afcbe3077e177adc74b68fba039cd1806ae100777196a746b3d79ad1 775632 exiv2-dbgsym_0.25-4+deb10u2_amd64.deb c3b7e38b28a1cf318287e96899091577aa79b57c38dac5d8b2b9519b9355266a 9565 exiv2_0.25-4+deb10u2_amd64.buildinfo b3cbc0d694965864fef0b341ca0b293f976bd36d48c3032446a66c4164f1b9ca 107560 exiv2_0.25-4+deb10u2_amd64.deb 9747b044d1d8ead04b66986918ab28829145d9dfd21f6bdfeb488e12d770cc23 8149720 libexiv2-14-dbgsym_0.25-4+deb10u2_amd64.deb 297790599971f5951e787f2e0f502659b00fceb3adf0d3b528b8a869bdf42af0 698600 libexiv2-14_0.25-4+deb10u2_amd64.deb 3964d4b6440330e4398bf55f934947cdac2a0456664729f68a8cd0f723209951 1556576 libexiv2-dev_0.25-4+deb10u2_amd64.deb 04dfec7565fbddf740521a799567e379eebbaeaaad135373d40141f28a6a1d1a 20850276 libexiv2-doc_0.25-4+deb10u2_all.deb Files: 2086ccb7255429d6860bc7c7d1d96907 2269 graphics optional exiv2_0.25-4+deb10u2.dsc 258d4831b30f75a01e0234065c6c2806 5434325 graphics optional exiv2_0.25.orig.tar.gz 1c5af3abc1f5ef9440a03ce5783be79f 30956 graphics optional exiv2_0.25-4+deb10u2.debian.tar.xz 07a52f76bbdc61ebf0715d034762f163 775632 debug optional exiv2-dbgsym_0.25-4+deb10u2_amd64.deb 50dbf38671f48adcf4cfeef508a52133 9565 graphics optional exiv2_0.25-4+deb10u2_amd64.buildinfo a19154e2dd7d237b6e3f6c0fb21b02a5 107560 graphics optional exiv2_0.25-4+deb10u2_amd64.deb 36121ec8636f65bf3e6e9dbbc2ae10e3 8149720 debug optional libexiv2-14-dbgsym_0.25-4+deb10u2_amd64.deb 2299ddc10ad39340bed5cae72f0e4851 698600 libs optional libexiv2-14_0.25-4+deb10u2_amd64.deb d587c8ce4b1cd4cc06e0558c3bd55173 1556576 libdevel optional libexiv2-dev_0.25-4+deb10u2_amd64.deb 27584ae2587ab2204a920fce3b710da8 20850276 doc optional libexiv2-doc_0.25-4+deb10u2_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmENEC0ACgkQEMKTtsN8 TjbDOQ//aAsFKaj9hcXS0VaknOBSN4B0+hQ/ulL4ho2cmn5srWOAPLHszHa0XvuO VGBkv7ajfhNk3mAJUUu4/IaJftKJKp8ngc7vA/ktWUiS7mZ0deDePeXfo5ui0Z9J f5n3iLuD1tA/0XchqflsRL8Wkya2xNx5QkCqGLcPWSbDhDI277sLw55/ILi1XeZ2 5OwIv0mPW697pICia+RM4nf43W0iN8+nUfy0mdbBgUbNsDlAqDP3Nt1V2w7gXcOP N2z1088toFpl+cAwMiyeKHCECBjpJle3gDVgmARrSpH8etnfdN4NKZAq4iYOSi/Y RSSB+RhBSrfMMqELJKfAxcoxkUB98L1tpvGN4UeQPXmzZD+svJm15W9sz71qYtub QR8lJkXCujAyrrg7ffvmfDvClwPP2iMhTXJ7EaiLlQM9rSeE7692/6wO2Vfw28vU lQ/eZdMD1uAU7DDuX5nhp/+dIzMRYtT/ZjlLN7Ou0oK2mjRnZYGgqgHtV7YETO6L 9WI+r1oJ/hT4AT0c+70GUGGOwq6HVp4H9EJxnf0G6vGlcySpKsy+L+Y89P1U2ofn JZfWJbWDLK53ByEh2HqLp2HRVhEwvJnrxAQcRQIC8NgTlu9SJcOZGwlJT4gKE4VY XysSV5lkHChU6ppBQigqj5HzaJtgJnHEXXBQ0BtmJ6yGusYpHn4= =f5Tc -----END PGP SIGNATURE-----