Package Release Info

exiv2-0.28.8-160000.1.1

Update Info: Base Release
Available in Package Hub : 16.0

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

exiv2

exiv2-lang

libexiv2-devel

Change Logs

* Wed Mar 04 2026 dmueller@suse.com

- update to 0.28.8 (bsc#1259083, CVE-2026-25884, bsc#1259085,
    CVE-2026-27631, bsc#1259084, CVE-2026-27596):
  * [CVE-2026-
    25884](https://github.com/Exiv2/exiv2/security/advisories/GHS
    A-9mxq-4j5g-5wrp)
  * [CVE-2026-
    27596](https://github.com/Exiv2/exiv2/security/advisories/GHS
    A-3wgv-fg4w-75x7)
  * [CVE-2026-
    27631](https://github.com/Exiv2/exiv2/security/advisories/GHS
    A-p2pw-7935-c73j)

* Mon Sep 01 2025 qzhao@suse.com

- Update to 0.28.7:
  * Reverts an ABI incompatibility that was accidentally introduced in v0.28.6;
  * Fixes two low-severity vulnerabilities:
    [CVE-2025-54080](https://github.com/Exiv2/exiv2/security/advisories/GHSA-496f-x7cq-cq39)
    [CVE-2025-55304](https://github.com/Exiv2/exiv2/security/advisories/GHSA-m54q-mm9w-fp6g)
  * Fixes a use-after-free vulnerability in `tiffcomposite_int.cpp`:
    [CVE-2025-26623, bsc#1237347](https://github.com/Exiv2/exiv2/security/advisories/GHSA-38h4-fx85-qcx7)
    (CVE-2025-55304, bsc#1248963, CVE-2025-54080, bsc#1248962)

Version: 0.28.3-160000.2.2

* Mon Jul 08 2024 dmueller@suse.com

- update to 0.28.3 :
  * Release Notes:
    + https://github.com/Exiv2/exiv2/issues/3008
    + https://github.com/Exiv2/exiv2/milestone/14?closed=1
  * This release also fixes a low-severity security issue in
    asfvideo.cpp: out-of-bounds read in AsfVideo::streamProperties.
    (bsc#1227528, CVE-2024-39695)

* Mon Jul 08 2024 dmueller@suse.com

- use --parallel as single-dash parameters are eaten by
  ctest's rpm macro

* Wed Mar 06 2024 bwiedemann@suse.com

- Fix build with --nochecks

* Wed Feb 28 2024 dmueller@suse.com

- update to 0.28.2 :
  * CVE-2024-24826: out-of-bounds read in
    QuickTimeVideo::NikonTagsDecoder.
  * CVE-2024-25112: denial of service due to unbounded
    recursion in QuickTimeVideo::multipleEntriesDecoder.
  (bsc#1219870, CVE-2024-24826, bsc#1219871, CVE-2024-25112)

* Tue Nov 07 2023 dmueller@suse.com

- update to 0.28.1 (bsc#1216923, CVE-2023-44398):
  * Release Notes:
    https://github.com/Exiv2/exiv2/issues/2813
- drop exiv2-metadata-null-checks.patch (upstream)

* Fri Jul 07 2023 kv@kott.no-ip.biz

- add exiv2-metadata-null-checks.patch fixes gwenview crashes and
  other apps https://github.com/Exiv2/exiv2/issues/2638

* Fri Jun 30 2023 dmueller@suse.com

- add a x86-64-v3 build, remove 32bit build (not used)

* Wed Jun 21 2023 mkubecek@suse.cz

- drop old C++ standard hack (patched line dropped in 0.28)
- use g++-11 for Leap 15 builds (fix for failed std::filesystem
  check)

* Mon Jun 19 2023 dmueller@suse.com

- update to 0.28.0:
  - long list of improvements and security fixes, see
  https://github.com/Exiv2/exiv2/issues/2406#issuecomment-1529139799
- drop always-use-signed-char-for-conversion.patch (code no longer exists)
- drop CVE-2022-3953.patch (merged upstream)
- drop xml-static subpackage, cannot be built from shared builds anymore
  and appears to be unused

* Tue Jan 24 2023 dmueller@suse.com

- add always-use-signed-char-for-conversion.patch for test suite
  fixes on non-x86_64