From e695a8b51235f329adfb5a220f2b5894154c1bff Mon Sep 17 00:00:00 2001
From: Chris Lamb <lamby@debian.org>
Date: Fri, 19 Aug 2022 12:45:40 -0700
Subject: data/dla-needed.txt: Triage exiv2 for buster LTS (CVE-2020-19716)

---
 data/dla-needed.txt | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'data/dla-needed.txt')

diff --git a/data/dla-needed.txt b/data/dla-needed.txt
index 21bc59784f..a91d2044a1 100644
--- a/data/dla-needed.txt
+++ b/data/dla-needed.txt
@@ -29,6 +29,10 @@ asterisk (Markus Koschany)
 curl (Markus Koschany)
   NOTE: 20220802: Programming language: C.
 --
+exiv2
+  NOTE: 20220819: Programming language: C++.
+  NOTE: 20220819: https://github.com/Exiv2/exiv2/commit/109d5df7abd329f141b500c92a00178d35a6bef3#diff-bd28aafd4c87975a3a236af74c2200db447587fa0bb4f43ba9beb98738c77b2aL292 does not directly apply, but a very quick glance suggests the earlier code may be equally vulnerable. (Chris Lamb)
+--
 jetty9 (Markus Koschany)
   NOTE: 20220802: Programming language: Java.
 --
-- 
cgit v1.2.3