ELA-10-1 exiv2 security update

several vulnerabilities

2018-06-28
Packageexiv2
Version0.23-1+deb7u3
Related CVE CVE-2018-10958 CVE-2018-10998 CVE-2018-10999 CVE-2018-11531 CVE-2018-12264 CVE-2018-12265

Several vulnerabilities have been discovered in exiv2, a C++ library and a command line utility to manage image metadata, resulting in denial of service, heap-based buffer over-read/overflow, memory exhaustion, and application crash.

For Debian 7 Wheezy, these problems have been fixed in version 0.23-1+deb7u3.

We recommend that you upgrade your exiv2 packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/