Exiv2 v0.28.3
kevinbackhouse authored and kmilos committed Jul 8, 2024
1 parent 35a6b8f commit cfd3050
Showing 2 changed files with 72 additions and 0 deletions.
1 change: 1 addition & 0 deletions SECURITY.md
@@ -7,6 +7,7 @@
| v0.28 | 2023-05-08 | v0.28.0 | 0.28.x | v0.28.0 | 2023-05-08 | v0.28.0 |
| | | | | v0.28.1 | 2023-11-06 | v0.28.1 |
| | | | | v0.28.2 | 2024-02-13 | v0.28.2 |
| | | | | v0.28.3 | 2024-07-08 | v0.28.3 |
| v0.27 | 2018-12-20 | 0.27 | 0.27-maintenance | v0.27.0 | 2018-12-20 | v0.27.0 |
| | | | | v0.27.1 | 2019-04-18 | v0.27.1 |
| | | | | v0.27.2 | 2019-07-29 | v0.27.2 |
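
Review bot: The added v0.28.3 row records only the tag and the 2024-07-08 date, so nothing in this table tells a reader that v0.28.3 is the release carrying the CVE-2024-39695 fix described in doc/ChangeLog in this same commit. If SECURITY.md is where users check which 0.28.x tag to run, consider linking the advisory or the ChangeLog entry from it. The row itself matches the format of the v0.28.1 and v0.28.2 rows above it.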
71 changes: 71 additions & 0 deletions doc/ChangeLog
@@ -1,3 +1,74 @@
Changes from version 0.28.2 to 0.28.3
-------------------------------------

Release Notes:

* https://github.com/Exiv2/exiv2/issues/3008
* https://github.com/Exiv2/exiv2/milestone/14?closed=1

This release also fixes a low-severity security issue in asfvideo.cpp:

* [CVE-2024-39695](https://github.com/Exiv2/exiv2/security/advisories/GHSA-38rv-8x93-pvrh): out-of-bounds read in AsfVideo::streamProperties.

This vulnerability is in a new feature (ASF video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.

Changes from version 0.28.1 to 0.28.2
-------------------------------------

Release Notes:

* https://github.com/Exiv2/exiv2/issues/2914
* https://github.com/Exiv2/exiv2/milestone/13?closed=1

This release also fixes two low-severity security issues in quicktimevideo.cpp:

* [CVE-2024-24826](https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w): out-of-bounds read in QuickTimeVideo::NikonTagsDecoder.
* [CVE-2024-25112](https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36): denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder.

These vulnerabilities are in a new feature (quicktime video) that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.

Changes from version 0.28.0 to 0.28.1
-------------------------------------

Release Notes:
https://github.com/Exiv2/exiv2/issues/2813

This release also fixes [CVE-2023-44398](https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r), an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.

Changes from version 0.27.6 to 0.28.0
-------------------------------------

Release Notes:
https://github.com/Exiv2/exiv2/issues/2406#issuecomment-1529139799

Changes from version 0.27.5 to 0.27.6
-------------------------------------

Closed:
https://github.com/Exiv2/exiv2/milestone/10?closed=1

Open:
https://github.com/Exiv2/exiv2/milestone/10?open=1

Release Notes:
https://github.com/Exiv2/exiv2/issues/2406#issuecomment-1383302378

Changes from version 0.27.4 to 0.27.5
-------------------------------------

Closed:
https://github.com/Exiv2/exiv2/milestone/9?closed=1

Open:
https://github.com/Exiv2/exiv2/milestone/9?open=1

Release Notes:
https://github.com/Exiv2/exiv2/issues/1018#issuecomment-948573657

+++++++++++++++++++++++++++++++++++++
------------- History ---------------
+++++++++++++++++++++++++++++++++++++

Changes from version 0.27.3 to 0.27.4
-------------------------------------
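
Review bot: The 0.28.3 security entry gives the affected range only by implication ("added in version 0.28.0, so earlier versions of Exiv2 are not affected"); stating it outright, for example "Affected: 0.28.0 through 0.28.2, fixed in 0.28.3", would let packagers triage CVE-2024-39695 without opening the advisory. The same applies to the 0.28.2 entry (CVE-2024-24826, CVE-2024-25112) and the 0.28.1 entry (CVE-2023-44398). As a style point, the entries are formatted inconsistently: 0.28.3 and 0.28.2 put the "Release Notes:" links in "* " bullets while 0.28.1 and older use a bare URL on the next line, only the 0.28.1 entry wraps the function name in backticks, and the feature names are capitalised differently ("ASF video" versus "quicktime video"). Picking one form for all of the added entries would keep this plain-text ChangeLog easy to scan and to grep.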
