Chromium fixed an issue in its bundled libexif: https://www.openwall.com/lists/oss-security/2019/11/07/1 There's a link to the fix in the message above.
Whiteboard: (none) => MGA7TOO
Note that according to that mail the fix in a bundled libexif is not in chromium but in android.
CC: (none) => cjw
Thanks for the correction. I was in a hurry.
See also bug 25675 (for libvpx). Because...

(In reply to Christiaan Welvaart from comment #1)
> Note that according to that mail the fix in a bundled libexif is not in
> chromium but in android.

is analogous, and you (David) closed that other bug in consequence. I do not want to tread on toes, so please do likewise if appropriate. OTOH if this bug remains valid, libexif has no maintainer so the bug needs assigning globally to pkg-bugs.
CC: (none) => lewyssmith
Suggested advisory:
========================

The updated packages fix a security vulnerability:

In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. (CVE-2019-9278)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
https://www.openwall.com/lists/oss-security/2019/11/07/1
========================

Updated packages in core/updates_testing:
========================
libexif12-common-0.6.21-14.1.mga7
lib(64)exif12-0.6.21-14.1.mga7
lib(64)exif-devel-0.6.21-14.1.mga7

from SRPMS:
libexif-0.6.21-14.1.mga7.src.rpm
Assignee: bugsquad => qa-bugs
Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
CC: (none) => nicolas.salguero
Status: NEW => ASSIGNED
CVE: (none) => CVE-2019-9278
Thank you Nicolas for pushing this bug along on the right rails.
CC: lewyssmith => (none)
MGA7-64 Plasma on Lenovo B50
No installation issues.
Installed the exif package as well, in the hope that exif will use its own libs.

exif /mnt/beelden/Pictures/2019/20190101Nieuwjaar/P1013877.JPG
EXIF-labels in '/mnt/beelden/Pictures/2019/20190101Nieuwjaar/P1013877.JPG' ('Intel' byte-volgorde):
--------------------+----------------------------------------------------------
Label               |waarde
--------------------+----------------------------------------------------------
Beschrijving van afb|OLYMPUS DIGITAL CAMERA
Fabrikant           |OLYMPUS IMAGING CORP.
Model               |E-500
Oriëntatie          |Linksboven
x-resolutie         |314
x-resolutie         |314
Resolutieeenheid    |Inch
Programmatuur       |Version 1.0
Datum en tijd       |2019:01:01 00:22:51
and a lot more

Seems OK.
Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
Keywords: (none) => advisory, validated_update
CC: (none) => tmb, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0331.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED