[ubuntu/oneiric-security] libexif, libexif_0.6.20-1ubuntu0.1_armel_translations.tar.gz, libexif_0.6.20-1ubuntu0.1_i386_translations.tar.gz, libexif_0.6.20-1ubuntu0.1_powerpc_translations.tar.gz, libexif_0.6.20-1ubuntu0.1_amd64_translations.tar.gz 0.6.20-1ubuntu0.1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Jul 23 18:33:38 UTC 2012
libexif (0.6.20-1ubuntu0.1) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible info disclosure via
    corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
    - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
      NUL-terminated in libexif/exif-entry.c.
    - CVE-2012-2812
  * SECURITY UPDATE: denial of service and possible info disclosure via
    UTF-16 tag (LP: #1024213)
    - debian/patches/CVE-2012-2813.patch: don't read past the end of a
      tag when converting from UTF-16 in libexif/exif-entry.c.
    - CVE-2012-2813
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
      libexif/exif-entry.c.
    - CVE-2012-2814
  * SECURITY UPDATE: denial of service and possible info disclosure via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
      libexif/exif-data.c
    - CVE-2012-2836
  * SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2837.patch: fix some possible
      division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
    - CVE-2012-2837
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2840.patch: fix off-by-one in
      libexif/exif-utils.c.
    - CVE-2012-2840
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect buffer size (LP: #1024213)
    - debian/patches/CVE-2012-2841.patch: validate buffer length in
      libexif/exif-entry.c.
    - CVE-2012-2841

Date: Thu, 19 Jul 2012 13:44:45 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/oneiric/+source/libexif/0.6.20-1ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 19 Jul 2012 13:44:45 -0400
Source: libexif
Binary: libexif-dev libexif12
Architecture: source
Version: 0.6.20-1ubuntu0.1
Distribution: oneiric-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libexif-dev - library to parse EXIF files (development files)
libexif12 - library to parse EXIF files
Launchpad-Bugs-Fixed: 1024213
Changes:
 libexif (0.6.20-1ubuntu0.1) oneiric-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible info disclosure via
     corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
     - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
       NUL-terminated in libexif/exif-entry.c.
     - CVE-2012-2812
   * SECURITY UPDATE: denial of service and possible info disclosure via
     UTF-16 tag (LP: #1024213)
     - debian/patches/CVE-2012-2813.patch: don't read past the end of a
       tag when converting from UTF-16 in libexif/exif-entry.c.
     - CVE-2012-2813
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted tags (LP: #1024213)
     - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
       libexif/exif-entry.c.
     - CVE-2012-2814
   * SECURITY UPDATE: denial of service and possible info disclosure via
     crafted tags (LP: #1024213)
     - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
       libexif/exif-data.c
     - CVE-2012-2836
   * SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
     - debian/patches/CVE-2012-2837.patch: fix some possible
       division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
     - CVE-2012-2837
   * SECURITY UPDATE: denial of service and possible code execution via
     crafted tags (LP: #1024213)
     - debian/patches/CVE-2012-2840.patch: fix off-by-one in
       libexif/exif-utils.c.
     - CVE-2012-2840
   * SECURITY UPDATE: denial of service and possible code execution via
     incorrect buffer size (LP: #1024213)
     - debian/patches/CVE-2012-2841.patch: validate buffer length in
       libexif/exif-entry.c.
     - CVE-2012-2841
Checksums-Sha1:
dabc9512906c9d36c8dd4d44af799ad1297fad1b 2112 libexif_0.6.20-1ubuntu0.1.dsc
1addd55f7cc30e8622e13d857796531f2b25c720 13777 libexif_0.6.20-1ubuntu0.1.debian.tar.gz
Checksums-Sha256:
79cb6f2d6d496ade1fbe4b02425cba27a2bc1a91ecb59fcc81a709c1eed26d23 2112 libexif_0.6.20-1ubuntu0.1.dsc
173f957bc6c88736d546b75f201dc112e1b1a5d3ccbfe39f4eca6cf88b07d3cf 13777 libexif_0.6.20-1ubuntu0.1.debian.tar.gz
Files:
0195c9c268ebb5659aa06c740595dc40 2112 libs optional libexif_0.6.20-1ubuntu0.1.dsc
5fa304cec9c157e002fc9150a7affe7c 13777 libs optional libexif_0.6.20-1ubuntu0.1.debian.tar.gz
Original-Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel at lists.alioth.debian.org>