[ubuntu/focal-updates] libexif 0.6.21-6ubuntu0.3 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Jun 16 13:58:20 UTC 2020


libexif (0.6.21-6ubuntu0.3) focal-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0093.patch: fix read
      buffer overflow making sure the number of bytes being
      copied from does not exceed the source buffer size in
      libexif/exif-data.c.
    - CVE-2020-0093
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-13112.patch: fix MakerNote tag size
      overflow check for a size overflow while reading tags in
      libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif/mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.c.
    - CVE-2020-13112
  * SECURITY UPDATE: Possibly crash and potential use-after-free
    - debian/patches/CVE-2020-13113.patch: ensures that an uninitialized
      pointer is not dereferenced later in the case where the number of
      components is 0 in libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif-mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.
    - CVE-2020-13113
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-13114.patch: add a failsafe on the
      maximum number of Canon MakerNote subtags in
      libexif/canon/exif-mnote-data-canon.c.
    - CVE-2020-13114
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0182.patch: fix a buffer read
      overflow in exif_entry_get_value in libexif/exif-entry.c.
    - CVE-2020-0182
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2020-0198.patch: fix unsigned integer overflow
      in libexif/exif-data.c.
    - CVE-2020-0198

Date: 2020-06-10 17:29:16.766787+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libexif/0.6.21-6ubuntu0.3
-------------- next part --------------
Sorry, changesfile not available.


More information about the Focal-changes mailing list