Exiv2 update with security fixes.
sudo dnf upgrade --advisory=FEDORA-2018-8b67a5c7e2
This update has been submitted for testing by jgrulich.
jgrulich edited this update.
hello jgrulich, thank you for your effort!
tldr: Which CPEs have been fixed with this release?
I am confused regarding which CVEs have been fixed in this release. The related Bugs reference 14 CVEs:
CVE-2017-17669, CVE-2017-17724, CVE-2017-9953, CVE-2018-10958, CVE-2018-10998, CVE-2018-10999, CVE-2018-11037, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-9144, CVE-2018-9145, CVE-2018-9146, CVE-2018-9305
However, the Changelog (https://koji.fedoraproject.org/koji/search?terms=exiv2-0.26-12.fc28&type=build&match=glob) suggests that these CVEs have been fixed:
CVE-2017-17723, CVE-2017-17725, CVE-2018-10958, CVE-2018-10998, CVE-2018-11531, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046, CVE-2018-5772, CVE-2018-8976, CVE-2018-8977, CVE-2018-9144.
The 5 CVEs CVE-2018-10958, CVE-2018-10998, CVE-2018-12264, CVE-2018-12265, CVE-2018-14046 are referenced in the related bugs and the changelog.
The 3 CVEs CVE-2017-17723, CVE-2017-17725, CVE-2018-5772 referenced in the changelog have already been addressed in a previous exiv release (see FEDORA-2018-fc9c5969b4).
I backported those changes from RHEL, where I addressed CVEs mentioned in changelog and I was a bit lazy to check what CVEs have already been addressed in Fedora (my fault). I first added all CVEs mentioned in the changelog and then I went through some CVEs in bugzilla and added related ones (e.g. those in PrintStructures() which are under multiple CVEs from what I remember).
This update has been pushed to testing.
works for me
This update has been submitted for batched by bodhi.
This update has been submitted for stable by bodhi.
This update has been pushed to stable.