Date: Tue, 11 May 2021 21:24:20 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 255803] graphics/p5-Image-ExifTool: Update to 12.25 Message-ID: <bug-255803-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255803 Bug ID: 255803 Summary: graphics/p5-Image-ExifTool: Update to 12.25 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: feld@FreeBSD.org CC: devin@sevenlayer.studio Flags: maintainer-feedback?(devin@sevenlayer.studio) CC: devin@sevenlayer.studio Created attachment 224861 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D224861&action= =3Dedit exiftool patch I only suggest we bump to 12.25 which is a development release instead of t= he latest production release because there is a severe security bug that has o= nly been fixed in development releases. https://exiftool.org/history.html <-- still lists 12.16 as latest https://seclists.org/oss-sec/2021/q2/114 I am told that this is exploitable with specially crafted files that are not DJVU -- like common formats of JPEG, PNG, etc -- but I haven't found a publ= ic PoC for that. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-255803-7788>