[Buildroot] [git commit branch/2025.11.x] package/exiv2: security bump version to 0.28.8
Thomas Perale
thomas.perale at mind.be
Fri Mar 13 15:01:50 UTC 2026
commit: https://gitlab.com/buildroot.org/buildroot/-/commit/ea4e49e33e772d61ebab338819e571d6b084e325
branch: https://gitlab.com/buildroot.org/buildroot/-/tree/2025.11.x
https://exiv2.org/whatsnew.html
https://github.com/Exiv2/exiv2/blob/v0.28.8/doc/ChangeLog
This release fixes three low-severity vulnerabilities:
CVE-2026-25884: Out-of-bounds read in CrwMap::decode0x0805
CVE-2026-27596: Integer overflow in LoaderNative::getData() causes out-of-bounds read
CVE-2026-27631: Uncaught exception: cannot create std::vector larger than max_size()
Signed-off-by: Bernd Kuhls <bernd at kuhls.net>
Signed-off-by: Julien Olivain <ju.o at free.fr>
(cherry picked from commit 1c3aa5f977a8748f363e64b1225cccfcc848629e)
Signed-off-by: Thomas Perale <thomas.perale at mind.be>
---
package/exiv2/exiv2.hash | 2 +-
package/exiv2/exiv2.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/exiv2/exiv2.hash b/package/exiv2/exiv2.hash
index 1c85f2e1db..7c497cf0eb 100644
--- a/package/exiv2/exiv2.hash
+++ b/package/exiv2/exiv2.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 5e292b02614dbc0cee40fe1116db2f42f63ef6b2ba430c77b614e17b8d61a638 exiv2-0.28.7.tar.gz
+sha256 ea51b0609f58a9afa063b60daa1539948b62247721e154f4fff0ad3aec9f9756 exiv2-0.28.8.tar.gz
sha256 a7ba75cb966aca374711e2af49e5f3aea6a4443a803440f5d93e73a5a1222f66 COPYING
diff --git a/package/exiv2/exiv2.mk b/package/exiv2/exiv2.mk
index e5b55ecde7..d45acae34e 100644
--- a/package/exiv2/exiv2.mk
+++ b/package/exiv2/exiv2.mk
@@ -4,7 +4,7 @@
#
################################################################################
-EXIV2_VERSION = 0.28.7
+EXIV2_VERSION = 0.28.8
EXIV2_SITE = $(call github,Exiv2,exiv2,v$(EXIV2_VERSION))
EXIV2_INSTALL_STAGING = YES
EXIV2_LICENSE = GPL-2.0+
More information about the buildroot
mailing list