[SECURITY] Fedora 41 Update: mingw-exiv2-0.28.7-1.fc41

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-e5ab9a2288 2025-10-22 01:31:30.739329+00:00 --------------------------------------------------------------------------------

Name : mingw-exiv2 Product : Fedora 41 Version : 0.28.7 Release : 1.fc41 URL : http://www.exiv2.org/ Summary : MinGW Windows exiv2 library Description : MinGW Windows exiv2 library.

-------------------------------------------------------------------------------- Update Information:

Update to exiv2-0.28.7, fixes CVE-2025-54080 and CVE-2025-55304. -------------------------------------------------------------------------------- ChangeLog:

* Tue Sep 2 2025 Sandro Mani manisandro@gmail.com - 0.28.7-1 - Update to 0.28.7 * Fri Aug 29 2025 Sandro Mani manisandro@gmail.com - 0.28.6-1 - Update to 0.28.6 * Thu Jul 24 2025 Fedora Release Engineering releng@fedoraproject.org - 0.28.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild * Sun Mar 23 2025 Sandro Mani manisandro@gmail.com - 0.28.5-1 - Update to 0.28.5 * Sat Mar 22 2025 Sandro Mani manisandro@gmail.com - 0.27.7-3 - Rebuild * Fri Jan 17 2025 Fedora Release Engineering releng@fedoraproject.org - 0.27.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #2391816 - CVE-2025-54080 mingw-exiv2: Exiv2 Segmentation Faults [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2391816 [ 2 ] Bug #2391837 - CVE-2025-55304 mingw-exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2391837 --------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-e5ab9a2288' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------