Bug#912531: stretch-pu: package exiv2/0.25-3.1+deb9u2
Control: tags -1 -moreinfo + confirmed
On Thu, 2018-11-01 at 21:07 -0400, Roberto C.Sánchez wrote:
> On Thu, Nov 01, 2018 at 06:50:53PM +0000, Adam D. Barratt wrote:
> > Control: tags -1 + moreinfo
> >
> > On Wed, 2018-10-31 at 23:25 -0400, Roberto C. Sanchez wrote:
> > > I have prepared an update for exiv2 in jessie (0.24-4.1+deb8u2)
> > > related to CVE-2018-16336 and also including a minor fix to the
> > > previous patch for CVE-2018-10958 and CVE-2018-10999.
> >
> > The Security Tracker indicates that CVE-2018-16336 is as-yet
> > unfixed in unstable; is that correct?
> >
> Hi Adam,
>
> That is correct. I completely overlooked it. I will check with the
> maintainers about their plans for unstable.
>
It looks like that eventually happened, early this year(!).
If this is still something that you're interested in fixing for
stretch, please go ahead.
(As a side note, it looks like at least one of these issues is also
unfixed in buster now.)
Regards,
Adam
Reply to: