[ubuntu/eoan-proposed] exiv2 0.25-4ubuntu2 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Jul 15 16:32:13 UTC 2019


exiv2 (0.25-4ubuntu2) eoan; urgency=medium

   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
       in src/enforce.hpp, use safe:add for preventing overflows in
       PSD files and enforce length of image resource
       section < file size in src/psdimage.cpp.
     - CVE-2018-19107
     - CVE-2018-19108
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2018-19535-*.patch: fixes in
       PngChunk::readRawProfile in src/pngchunk.cpp.
     - CVE-2018-19535
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13110.patch: avoid integer overflow
       in src/crwimage.cpp.
     - CVE-2019-13110
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13112.patch: add bound check
       on allocation size in src/pngchunk.cpp.
     - CVE-2019-13112
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13113.patch: throw an exception
       if the data location is invalid in src/crwimage.cpp,
       src/crwimage_int.hpp.
     - CVE-2019-13113
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13114.patch: avoid null pointer
       exception due to NULL return from strchr in src/http.cpp.
     - CVE-2019-13114
   * Add error codes from src error in order to support CVE-2018-19535
     - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch

Date: Mon, 15 Jul 2019 11:49:42 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/exiv2/0.25-4ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 15 Jul 2019 11:49:42 -0300
Source: exiv2
Architecture: source
Version: 0.25-4ubuntu2
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>


More information about the Eoan-changes mailing list