[ubuntu/xenial-updates] exiv2 0.25-2.1ubuntu16.04.4 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Jul 15 14:28:13 UTC 2019


exiv2 (0.25-2.1ubuntu16.04.4) xenial-security; urgency=medium

   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
       in src/enforce.hpp, use safe:add for preventing overflows in
       PSD files and enforce length of image resource
       section < file size in src/psdimage.cpp.
     - CVE-2018-19107
     - CVE-2018-19108
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2018-19535-*.patch: fixes in
       PngChunk::readRawProfile in src/pngchunk.cpp.
     - CVE-2018-19535
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13110.patch: avoid integer overflow
       in src/crwimage.cpp.
     - CVE-2019-13110
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13112.patch: add bound check
       on allocation size in src/pngchunk.cpp.
     - CVE-2019-13112
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13113.patch: throw an exception
       if the data location is invalid in src/crwimage.cpp,
       src/crwimage_int.hpp.
     - CVE-2019-13113
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13114.patch: avoid null pointer
       exception due to NULL return from strchr in src/http.cpp.
     - CVE-2019-13114
   * Add error codes from src error in order to support CVE-2018-19535
     - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch

Date: 2019-07-10 19:30:14.101670+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/exiv2/0.25-2.1ubuntu16.04.4