2391935 – FE: Exiv2 v0.28.6

Bug 2391935 - FE: Exiv2 v0.28.6

Summary: FE: Exiv2 v0.28.6

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	exiv2
Sub Component:
Version:	43
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Steve Cossette
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:	RejectedFreezeException
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2025-08-29 20:46 UTC by Steve Cossette
Modified:	2025-09-16 00:19 UTC (History)
CC List:	3 users (show)
Fixed In Version:	exiv2-0.28.6-2.fc43
Clone Of:
Environment:
Last Closed:	2025-09-16 00:19:04 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	2391817	0	low	CLOSED	CVE-2025-54080 exiv2: Exiv2 Segmentation Faults [fedora-42]	2025-09-16 00:18:56 UTC
Red Hat Bugzilla	2391838	0	low	CLOSED	CVE-2025-55304 exiv2: Exiv2 has quadratic performance in ICC profile parsing in JpegBase::readMetadata [fedora-42]	2026-05-20 13:46:08 UTC

Description Steve Cossette 2025-08-29 20:46:21 UTC

FE Bugtracking ticket for 0.28.6 on F43

Comment 1 Fedora Blocker Bugs Application 2025-08-29 20:49:23 UTC

Proposed as a Freeze Exception for 43-beta by Fedora user farchord using the blocker tracking app because:

 0.28.6 fixes two low severity CVEs.

Comment 2 Fedora Update System 2025-08-31 01:35:58 UTC

FEDORA-2025-c23727e694 (exiv2-0.28.6-2.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-c23727e694

Comment 3 Fedora Update System 2025-09-01 02:09:21 UTC

FEDORA-2025-c23727e694 has been pushed to the Fedora 43 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-c23727e694`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-c23727e694

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 4 Lukas Ruzicka 2025-09-01 17:28:51 UTC

Discussed at the 2025-09-01 (blocker / freeze exception) review meeting:

The vote is split (3–5); the decision has been deferred for further voting on the ticket.

https://meetbot-raw.fedoraproject.org//blocker-review_matrix_fedoraproject-org/2025-09-01/f43-blocker-review.2025-09-01-16.00.txt

Comment 5 Lukas Ruzicka 2025-09-08 17:36:26 UTC

Discussed at the 2025-09-08 (blocker / freeze exception) review meeting:

We consider it still risky to pull in due to the previous ABI breakage, and the CVEs are low-risk, so we will retain this as an update only.

https://meetbot-raw.fedoraproject.org//blocker-review_matrix_fedoraproject-org/2025-09-08/f43-blocker-review.2025-09-08-16.00.txt

Comment 6 Fedora Update System 2025-09-16 00:19:04 UTC

FEDORA-2025-c23727e694 (exiv2-0.28.6-2.fc43) has been pushed to the Fedora 43 stable repository.
If problem still persists, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.