[ubuntu/disco-security] exiv2 0.25-4ubuntu1.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Mon Jul 15 13:30:34 UTC 2019
exiv2 (0.25-4ubuntu1.1) disco-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
in src/enforce.hpp, use safe:add for preventing overflows in
PSD files and enforce length of image resource
section < file size in src/psdimage.cpp.
- CVE-2018-19107
- CVE-2018-19108
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19535-*.patch: fixes in
PngChunk::readRawProfile in src/pngchunk.cpp.
- CVE-2018-19535
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13110.patch: avoid integer overflow
in src/crwimage.cpp.
- CVE-2019-13110
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13112.patch: add bound check
on allocation size in src/pngchunk.cpp.
- CVE-2019-13112
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13113.patch: throw an exception
if the data location is invalid in src/crwimage.cpp,
src/crwimage_int.hpp.
- CVE-2019-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13114.patch: avoid null pointer
exception due to NULL return from strchr in src/http.cpp.
- CVE-2019-13114
* Add error codes from src error in order to support CVE-2018-19535
- debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
Date: 2019-07-10 18:41:30.089837+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/exiv2/0.25-4ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Disco-changes
mailing list