community/exiv2: security upgrade to 0.28.1 (!54937) · Merge requests · alpine / aports

Krassy Boykinov requested to merge chereskata/aports:exiv2 into master Nov 07, 2023

https://github.com/Exiv2/exiv2/compare/v0.28.0...v0.28.1

Changelog

Changes from version 0.28.0 to 0.28.1
-------------------------------------

This release fixes [CVE-2023-44398](https://github.com/Exiv2/exiv2/security/advisories/GHSA-hrw9-ggg3-3r4r), an out-of-bounds write in `BmffImage::brotliUncompress`. The vulnerability is in new code that was added in version 0.28.0, so earlier versions of Exiv2 are not affected.

community/exiv2: security upgrade to 0.28.1

Merge request reports