[ubuntu/lucid-security] libexif_0.6.19-1ubuntu0.1_ia64_translations.tar.gz, libexif_0.6.19-1ubuntu0.1_i386_translations.tar.gz, libexif_0.6.19-1ubuntu0.1_powerpc_translations.tar.gz, libexif_0.6.19-1ubuntu0.1_amd64_translations.tar.gz, libexif, libexif_0.6.19-1ubuntu0.1_sparc_translations.tar.gz, libexif_0.6.19-1ubuntu0.1_armel_translations.tar.gz 0.6.19-1ubuntu0.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Jul 23 18:34:07 UTC 2012 

libexif (0.6.19-1ubuntu0.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible info disclosure via
    corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
    - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
      NUL-terminated in libexif/exif-entry.c.
    - CVE-2012-2812
  * SECURITY UPDATE: denial of service and possible info disclosure via
    UTF-16 tag (LP: #1024213)
    - debian/patches/CVE-2012-2813.patch: don't read past the end of a
      tag when converting from UTF-16 in libexif/exif-entry.c.
    - CVE-2012-2813
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
      libexif/exif-entry.c.
    - CVE-2012-2814
  * SECURITY UPDATE: denial of service and possible info disclosure via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
      libexif/exif-data.c
    - CVE-2012-2836
  * SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2837.patch: fix some possible
      division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
    - CVE-2012-2837
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2840.patch: fix off-by-one in
      libexif/exif-utils.c.
    - CVE-2012-2840
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect buffer size (LP: #1024213)
    - debian/patches/CVE-2012-2841.patch: validate buffer length in
      libexif/exif-entry.c.
    - CVE-2012-2841

Date: Thu, 19 Jul 2012 14:16:25 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/libexif/0.6.19-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 19 Jul 2012 14:16:25 -0400
Source: libexif
Binary: libexif-dev libexif12
Architecture: source
Version: 0.6.19-1ubuntu0.1
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libexif-dev - library to parse EXIF files (development files)
 libexif12  - library to parse EXIF files
Launchpad-Bugs-Fixed: 1024213 1024213 1024213 1024213 1024213 1024213 1024213
Changes: 
 libexif (0.6.19-1ubuntu0.1) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible info disclosure via
     corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
     - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
       NUL-terminated in libexif/exif-entry.c.
     - CVE-2012-2812
   * SECURITY UPDATE: denial of service and possible info disclosure via
     UTF-16 tag (LP: #1024213)
     - debian/patches/CVE-2012-2813.patch: don't read past the end of a
       tag when converting from UTF-16 in libexif/exif-entry.c.
     - CVE-2012-2813
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted tags (LP: #1024213)
     - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
       libexif/exif-entry.c.
     - CVE-2012-2814
   * SECURITY UPDATE: denial of service and possible info disclosure via
     crafted tags (LP: #1024213)
     - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
       libexif/exif-data.c
     - CVE-2012-2836
   * SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
     - debian/patches/CVE-2012-2837.patch: fix some possible
       division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
     - CVE-2012-2837
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted tags (LP: #1024213)
     - debian/patches/CVE-2012-2840.patch: fix off-by-one in
       libexif/exif-utils.c.
     - CVE-2012-2840
   * SECURITY UPDATE: denial of service and possible code execution via
     incorrect buffer size (LP: #1024213)
     - debian/patches/CVE-2012-2841.patch: validate buffer length in
       libexif/exif-entry.c.
     - CVE-2012-2841
Checksums-Sha1: 
 928b7a3daa25d23018082fb6ef40323bb1fced14 2106 libexif_0.6.19-1ubuntu0.1.dsc
 c6b40957c8356d2888f37fef5dc9692902ca39dc 11011 libexif_0.6.19-1ubuntu0.1.diff.gz
Checksums-Sha256: 
 63221a9757fed036be4f37fd98a33c85235fd29785e602c13d74058ba7830038 2106 libexif_0.6.19-1ubuntu0.1.dsc
 c5bf2650dbd6af7285dac7910d4ef6157b55645e1d03f8857af27135f79efab4 11011 libexif_0.6.19-1ubuntu0.1.diff.gz
Files: 
 ab4bf9c1098cb29fbaa33c41298de775 2106 libs optional libexif_0.6.19-1ubuntu0.1.dsc
 3cb23ab79a5d3687154ea14e374abbbd 11011 libs optional libexif_0.6.19-1ubuntu0.1.diff.gz
Original-Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel at lists.alioth.debian.org>

More information about the Lucid-changes mailing list