Created attachment 224861
exiftool patch
I only suggest we bump to 12.25, which is a development release instead of the latest production release, because there is a severe security bug that has only been fixed in development releases.
https://exiftool.org/history.html <-- still lists 12.16 as latest
https://seclists.org/oss-sec/2021/q2/114
I am told that this is exploitable with specially crafted files that are not DJVU -- like common formats of JPEG, PNG, etc -- but I haven't found a public PoC for that.
Submitter is a committer.
Created attachment 225118
p5-Image-ExifTool-12.16.patch
Jan. 21, 2021 - Version 12.16 (production release)
https://exiftool.org/history.html#v12.16
(In reply to takefu from comment #2)
But this version is still vulnerable... we shouldn't push a new release missing an important security fix.
Created attachment 225152
p5-Image-ExifTool-12.16.patch
fix CVE-2021-22204
*** Bug 256028 has been marked as a duplicate of this bug. ***
Update to 12.30 bug#260590
dup Bug#264618
@COMMITTER, please close this PR. This port was already updated in Bug#264618.