[ubuntu/hardy-security] libexif 0.6.16-2.1ubuntu0.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jul 23 18:11:13 UTC 2012
libexif (0.6.16-2.1ubuntu0.2) hardy-security; urgency=low
* SECURITY UPDATE: denial of service and possible info disclosure via
corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
- debian/patches/CVE-2012-2812.dpatch: fix reading tags that aren't
NUL-terminated in libexif/exif-entry.c.
- CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
UTF-16 tag (LP: #1024213)
- debian/patches/CVE-2012-2813.dpatch: don't read past the end of a
tag when converting from UTF-16 in libexif/exif-entry.c.
- CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
crafted tags (LP: #1024213)
- debian/patches/CVE-2012-2814.dpatch: fix buffer overflows in
libexif/exif-entry.c.
- CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
crafted tags (LP: #1024213)
- debian/patches/CVE-2012-2836.dpatch: fix buffer overflows in
libexif/exif-data.c
- CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
- debian/patches/CVE-2012-2837.dpatch: fix some possible
division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
- CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
crafted tags (LP: #1024213)
- debian/patches/CVE-2012-2840.dpatch: fix off-by-one in
libexif/exif-utils.c.
- CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
incorrect buffer size (LP: #1024213)
- debian/patches/CVE-2012-2841.dpatch: validate buffer length in
libexif/exif-entry.c.
- CVE-2012-2841
Date: 2012-07-19 19:16:32.103354+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/hardy/+source/libexif/0.6.16-2.1ubuntu0.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Hardy-changes
mailing list