Change log for exiv2 package in Ubuntu
1 → 75 of 102 results | First • Previous • Next • Last |
Published in oracular-release |
Published in noble-release |
Deleted in noble-proposed (Reason: Moved to noble) |
exiv2 (0.27.6-1build1) noble; urgency=high * No change rebuild for 64-bit time_t and frame pointers. -- Julian Andres Klode <email address hidden> Mon, 08 Apr 2024 17:57:19 +0200
Available diffs
- diff from 0.27.6-1 (in Debian) to 0.27.6-1build1 (553 bytes)
Superseded in noble-release |
Published in mantic-release |
Published in lunar-release |
Deleted in lunar-proposed (Reason: Moved to lunar) |
exiv2 (0.27.6-1) unstable; urgency=medium * Team upload. * New upstream release. * Update standards version to 4.6.2, no changes needed. * Update Vcs-* fields. * Use execute_after_dh_* to avoid invoking dh_* manually * Execute chrpath right after dh_auto_install, rather than after dh_install. * Update the build dependencies according to the upstream build system: - bump cmake to 3.7.2 * Remove non-existing file from copyright. * Rename debian/docs to debian/exiv2.docs, to make it clearer (and consistent with other files) to which package it refers to. -- Pino Toscano <email address hidden> Sat, 28 Jan 2023 11:45:47 +0100
Available diffs
- diff from 0.27.5-4 to 0.27.6-1 (46.4 KiB)
Superseded in lunar-release |
Obsolete in kinetic-release |
Deleted in kinetic-proposed (Reason: Moved to kinetic) |
exiv2 (0.27.5-4) unstable; urgency=medium * Team upload. [ Sandro Knauß ] * Update symbol file for gcc-12 (Closes: #1012920). * Update Standards-Version to 4.6.1 (No changes needed). * Update symbols for link time optimation (Closes: #1015399). -- Sandro Knauß <email address hidden> Mon, 22 Aug 2022 14:33:14 +0200
Available diffs
Superseded in kinetic-release |
Published in jammy-release |
Deleted in jammy-proposed (Reason: Moved to jammy) |
exiv2 (0.27.5-3ubuntu1) jammy; urgency=medium * Sync with Debian (LP: #1959508). Remaining change: - Mark symbols as optional not seen when building with lto
Available diffs
exiv2 (0.27.5-1ubuntu1) jammy; urgency=medium * Sync with Debian. Remaining change: - Mark symbols as optional not seen when building with lto * Mark additional symbols as optional not seen on latest Ubuntu build
Available diffs
- diff from 0.27.3-3.1ubuntu1 to 0.27.5-1ubuntu1 (438.8 KiB)
exiv2 (0.27.3-3ubuntu4.1) impish-security; urgency=medium * SECURITY REGRESSION: out of range access that may cause a crash - debian/patches/CVE-2021-37620-4.patch: fix out of range access that may cause a crash (LP: #1941752) - debian/patches/CVE-2021-37620-5.patch: backport to C++98 (a str.pop_back that was added in C++11) - Thanks Simon Schmeißer -- Leonidas Da Silva Barbosa <email address hidden> Mon, 10 Jan 2022 10:28:12 -0300
Available diffs
exiv2 (0.27.3-3ubuntu1.6) hirsute-security; urgency=medium * SECURITY REGRESSION: out of range access that may cause a crash - debian/patches/CVE-2021-37620-4.patch: fix out of range access that may cause a crash (LP: #1941752) - debian/patches/CVE-2021-37620-5.patch: backport to C++98 (a str.pop_back that was added in C++11) - Thanks Simon Schmeißer -- Leonidas Da Silva Barbosa <email address hidden> Mon, 10 Jan 2022 10:22:10 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.7) focal-security; urgency=medium * SECURITY REGRESSION: fix out of range access * Bugfix: Fix regression introduced when fixing CVE-2021-37620 (LP: #1941752) - debian/patches/CVE-2021-37620-4.patch: fix out of range access - debian/patches/CVE-2021-37620-5.patch: backport to C++98 -- Simon Schmeißer <email address hidden> Thu, 30 Dec 2021 21:40:13 +0100
Available diffs
exiv2 (0.27.3-3.1ubuntu1) jammy; urgency=medium * Merge with Debian. -- Robert Ancell <email address hidden> Wed, 17 Nov 2021 10:45:25 +1300
Available diffs
Superseded in jammy-release |
Obsolete in impish-release |
Deleted in impish-proposed (Reason: Moved to impish) |
exiv2 (0.27.3-3ubuntu4) impish; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32815-*.patch: adds a check of sizes, adds regression test, adds msgs prints for DEBUG flags in src/crwimage_int.cpp. - CVE-2021-32815 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-34334-*.patch: adds regression test, adds an extra checking to prevent the loop counter from wrapping around in crwimage_int.cpp; adds defensive code to avoid integer overflow in loop conditions in src/actions.cpp, src/basicio.cpp, src/convert.cpp, src/exif.cpp, src/exvi2.cpp, src/iptc.cpp, src/preview.cpp, src/tags_int.cpp, src/tiffcomposite_int.cpp, src/types.cpp, src/xmp.cpp, src/xmpsidecar.cpp; adds a better fix for a potential integer overflow in bytes.size() in src/iptc.cpp; changes type of escapeStart to size_t in src/exiv2.cpp; fix warning comparison of integer expressions of different signedness in src/iptc.cpp, src/tags_int.cpp. - CVE-2021-34334 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-34335-*.patch: adds regression test; prevent divide-by-zero crash in src/minoltamn_int.cpp; adds defensive code in include/exiv2/value.hpp, src/tags_int.cpp. - CVE-2021-34335 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-37615-37616-*.patch: adds regression test; throw exception if lens info wasn't found in src/pentaxmn_int.cpp; adds a check to findKey din't return end() in src/convert.cpp, src/crwimage_int.cpp, src/exif.cpp, src/iptc.cpp, src/xmp.cpp. - CVE-2021-37615 - CVE-2021-37616 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37618-*.patch: adds regression test; adds a better bounds checking for Jp2Image::printStructure in src/jp2image.cpp. - CVE-2021-37618 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37619-*.patch: adds regression test; fix incorrect loop condition in src/jp2image.cpp. - CVE-2021-37619 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37620-*.patch: adds regression test; check that type ins't an empty string in src/values.cpp and adds safer vector indexing in multiples files in src/*. - CVE-2021-37620 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2021-37621-*.patch: adds regression test; checks dirlength to avoid infinite loop and adds some defensive code in src/image.cpp. - CVE-2021-37621 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2021-37622-*.patch: adds regression test; makes sure that read is complete to prevent infinite loop and remove dedundant check in src/jpgimage.cpp. - CVE-2021-37622 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-37623-1.patch: adds regression test. - debian/patches/CVE-2021-37623-2.patch: adjusts bufRead after seek() in src/jpgimage.cpp. - debian/patches/CVE-2021-37623-3.patch: improves handling of jpg segments to avoid out-of-bound in src/jpgimage.cpp, test/data/icc-test.out, tests/bugfixes/redmine/test_issue_1247.py. - debian/patches/CVE-2021-37623-4.patch: fix a compiler warning in src/jpgimage.cpp. - debian/patches/CVE-2021-37623-5.patch: updates src/jpgimage.cpp. - debian/patches/CVE-2021-37623-6.patch: fix poc tests. - debian/patches/CVE-2021-37623-7.patch: Adds comments to explain bounds-check in src/jpgimage.cpp. - CVE-2021-37623 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 11 Aug 2021 15:13:27 -0300
Available diffs
- diff from 0.27.3-3ubuntu3 to 0.27.3-3ubuntu4 (128.7 KiB)
exiv2 (0.25-3.1ubuntu0.18.04.11) bionic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32815-*.patch: adds a check of sizes adds msgs prints for DEBUG flags in src/crwimage_int.cpp. - CVE-2021-32815 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-34334-*.patch: adds an extra checking to prevent the loop counter from wrapping around in crwimage.cpp; changes type of escapeStart to size_t in src/exiv2.cpp; - CVE-2021-34334 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37620-*.patch: check that type isn't an empty string in src/values.cpp and adds safer vector indexing in multiples files in src/*. - CVE-2021-37620 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2021-37622-*.patch: makes sure that read is complete to prevent infinite loop and remove dedundant check in src/jpgimage.cpp. - CVE-2021-37622 * debian/patches/fix_enforce_include.patch: includes enforce in crwimage.cpp. -- Leonidas Da Silva Barbosa <email address hidden> Mon, 16 Aug 2021 12:16:38 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.6) focal-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32815-*.patch: adds a check of sizes, adds regression test, adds msgs prints for DEBUG flags in src/crwimage_int.cpp. - CVE-2021-32815 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-34334-*.patch: adds regression test, adds an extra checking to prevent the loop counter from wrapping around in crwimage_int.cpp; adds defensive code to avoid integer overflow in loop conditions in src/actions.cpp, src/basicio.cpp, src/convert.cpp, src/exif.cpp, src/exvi2.cpp, src/iptc.cpp, src/preview.cpp, src/tags_int.cpp, src/tiffcomposite_int.cpp, src/types.cpp, src/xmp.cpp, src/xmpsidecar.cpp; adds a better fix for a potential integer overflow in bytes.size() in src/iptc.cpp; changes type of escapeStart to size_t in src/exiv2.cpp; fix warning comparison of integer expressions of different signedness in src/iptc.cpp, src/tags_int.cpp. - CVE-2021-34334 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-34335-*.patch: adds regression test; prevent divide-by-zero crash in src/minoltamn_int.cpp; adds defensive code in include/exiv2/value.hpp, src/tags_int.cpp. - CVE-2021-34335 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-37615-37616-*.patch: adds regression test; throw exception if lens info wasn't found in src/pentaxmn_int.cpp; adds a check to findKey din't return end() in src/convert.cpp, src/crwimage_int.cpp, src/exif.cpp, src/iptc.cpp, src/xmp.cpp. - CVE-2021-37615 - CVE-2021-37616 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37618-*.patch: adds regression test; adds a better bounds checking for Jp2Image::printStructure in src/jp2image.cpp. - CVE-2021-37618 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37619-*.patch: adds regression test; fix incorrect loop condition in src/jp2image.cpp. - CVE-2021-37619 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37620-*.patch: adds regression test; check that type isn't an empty string in src/values.cpp and adds safer vector indexing in multiples files in src/*. - CVE-2021-37620 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2021-37621-*.patch: adds regression test; checks dirlength to avoid infinite loop and adds some defensive code in src/image.cpp. - CVE-2021-37621 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2021-37622-*.patch: adds regression test; makes sure that read is complete to prevent infinite loop and remove dedundant check in src/jpgimage.cpp. - CVE-2021-37622 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-37623-1.patch: adds regression test. - debian/patches/CVE-2021-37623-2.patch: adjusts bufRead after seek() to avoid a infinite loop in src/jpgimage.cpp. - CVE-2021-37623 * debian/patches/fix_enforce_include.patch: includes enforce in crwimage_int.cpp. -- Leonidas Da Silva Barbosa <email address hidden> Thu, 12 Aug 2021 13:18:13 -0300
Available diffs
- diff from 0.27.2-8ubuntu2.5 to 0.27.2-8ubuntu2.6 (117.7 KiB)
exiv2 (0.27.3-3ubuntu1.5) hirsute-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32815-*.patch: adds a check of sizes, adds regression test, adds msgs prints for DEBUG flags in src/crwimage_int.cpp. - CVE-2021-32815 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-34334-*.patch: adds regression test, adds an extra checking to prevent the loop counter from wrapping around in crwimage_int.cpp; adds defensive code to avoid integer overflow in loop conditions in src/actions.cpp, src/basicio.cpp, src/convert.cpp, src/exif.cpp, src/exvi2.cpp, src/iptc.cpp, src/preview.cpp, src/tags_int.cpp, src/tiffcomposite_int.cpp, src/types.cpp, src/xmp.cpp, src/xmpsidecar.cpp; adds a better fix for a potential integer overflow in bytes.size() in src/iptc.cpp; changes type of escapeStart to size_t in src/exiv2.cpp; fix warning comparison of integer expressions of different signedness in src/iptc.cpp, src/tags_int.cpp. - CVE-2021-34334 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-34335-*.patch: adds regression test; prevent divide-by-zero crash in src/minoltamn_int.cpp; adds defensive code in include/exiv2/value.hpp, src/tags_int.cpp. - CVE-2021-34335 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-37615-37616-*.patch: adds regression test; throw exception if lens info wasn't found in src/pentaxmn_int.cpp; adds a check to findKey din't return end() in src/convert.cpp, src/crwimage_int.cpp, src/exif.cpp, src/iptc.cpp, src/xmp.cpp. - CVE-2021-37615 - CVE-2021-37616 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37618-*.patch: adds regression test; adds a better bounds checking for Jp2Image::printStructure in src/jp2image.cpp. - CVE-2021-37618 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37619-*.patch: adds regression test; fix incorrect loop condition in src/jp2image.cpp. - CVE-2021-37619 * SECURITY UPDATE: Out-of-bounds read - debian/patches/CVE-2021-37620-*.patch: adds regression test; check that type ins't an empty string in src/values.cpp and adds safer vector indexing in multiples files in src/*. - CVE-2021-37620 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2021-37621-*.patch: adds regression test; checks dirlength to avoid infinite loop and adds some defensive code in src/image.cpp. - CVE-2021-37621 * SECURITY UPDATE: Infinite loop - debian/patches/CVE-2021-37622-*.patch: adds regression test; makes sure that read is complete to prevent infinite loop and remove dedundant check in src/jpgimage.cpp. - CVE-2021-37622 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-37623-1.patch: adds regression test. - debian/patches/CVE-2021-37623-2.patch: adjusts bufRead after seek() in src/jpgimage.cpp. - debian/patches/CVE-2021-37623-3.patch: improves handling of jpg segments to avoid out-of-bound in src/jpgimage.cpp, test/data/icc-test.out, tests/bugfixes/redmine/test_issue_1247.py. - debian/patches/CVE-2021-37623-4.patch: fix a compiler warning in src/jpgimage.cpp. - debian/patches/CVE-2021-37623-5.patch: updates src/jpgimage.cpp. - debian/patches/CVE-2021-37623-6.patch: fix poc tests. - debian/patches/CVE-2021-37623-7.patch: Adds comments to explain bounds-check in src/jpgimage.cpp. - CVE-2021-37623 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 12 Aug 2021 10:18:53 -0300
Available diffs
- diff from 0.27.3-3ubuntu1.4 to 0.27.3-3ubuntu1.5 (128.8 KiB)
exiv2 (0.27.3-3ubuntu3) impish; urgency=medium * SECURITY UPDATE: Leak bytes of stack memory - debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error conditions of iIo.read() src/webpimage.cpp. - CVE-2021-29623 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug in xmpsdk/src/XMPMeta-Parse.cpp. - CVE-2021-32617 * SECURITY UPDATE: Buffer Overflow - debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit and throw exception in case box is broken in src/jp2image.cpp. - CVE-2021-31291 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 11:43:24 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.10) bionic-security; urgency=medium * SECURITY UPDATE: Buffer Overflow - debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit and throw exception in case box is broken in src/jp2image.cpp. - CVE-2021-31291 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 14:45:08 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.5) focal-security; urgency=medium * SECURITY UPDATE: Buffer Overflow - debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit and throw exception in case box is broken in src/jp2image.cpp. - CVE-2021-31291 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 12:23:12 -0300
Available diffs
- diff from 0.27.2-8ubuntu2.4 to 0.27.2-8ubuntu2.5 (930 bytes)
exiv2 (0.27.3-3ubuntu1.4) hirsute-security; urgency=medium * SECURITY UPDATE: Buffer Overflow - debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit and throw exception in case box is broken in src/jp2image.cpp. - CVE-2021-31291 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 12:13:39 -0300
Available diffs
- diff from 0.27.3-3ubuntu1.3 to 0.27.3-3ubuntu1.4 (938 bytes)
exiv2 (0.25-3.1ubuntu0.18.04.9) bionic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29473.patch: Add bounds check in Jp2Image::doWriteMetadata() in src/jp2image.cpp. - CVE-2021-29473 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug in xmpsdk/src/XMPMeta-Parse.cpp. - CVE-2021-32617 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 12:10:13 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.4) focal-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29463.patch: Improve bound checking in WebPImage::doWriteMetadata() in src/webpimage.cpp. - CVE-2021-29463 * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-29464.patch: better bounds checking in Jp2Image::encodeJp2Header() in src/jp2image.cpp. - CVE-2021-29464 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29473.patch: Add bounds check in Jp2Image::doWriteMetadata() in src/jp2image.cpp. - CVE-2021-29473 * SECURITY UPDATE: Leak bytes of stack memory - debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error conditions of iIo.read() src/webpimage.cpp. - CVE-2021-29623 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug in xmpsdk/src/XMPMeta-Parse.cpp. - CVE-2021-32617 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 10:52:19 -0300
Available diffs
exiv2 (0.27.3-3ubuntu0.4) groovy-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29463.patch: Improve bound checking in WebPImage::doWriteMetadata() in src/webpimage.cpp. - CVE-2021-29463 * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-29464.patch: better bounds checking in Jp2Image::encodeJp2Header() in src/jp2image.cpp. - CVE-2021-29464 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29473.patch: Add bounds check in Jp2Image::doWriteMetadata() in src/jp2image.cpp. - CVE-2021-29473 * SECURITY UPDATE: Leak bytes of stack memory - debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error conditions of iIo.read() src/webpimage.cpp. - CVE-2021-29623 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug in xmpsdk/src/XMPMeta-Parse.cpp. - CVE-2021-32617 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 10:29:52 -0300
Available diffs
exiv2 (0.27.3-3ubuntu1.3) hirsute-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29463.patch: Improve bound checking in WebPImage::doWriteMetadata() in src/webpimage.cpp. - CVE-2021-29463 * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-29464.patch: better bounds checking in Jp2Image::encodeJp2Header() in src/jp2image.cpp. - CVE-2021-29464 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29473.patch: Add bounds check in Jp2Image::doWriteMetadata() in src/jp2image.cpp. - CVE-2021-29473 * SECURITY UPDATE: Leak bytes of stack memory - debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error conditions of iIo.read() src/webpimage.cpp. - CVE-2021-29623 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug in xmpsdk/src/XMPMeta-Parse.cpp. - CVE-2021-32617 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 09:59:46 -0300
Available diffs
exiv2 (0.27.3-3ubuntu2) impish; urgency=medium * SECURITY UPDATE: An out of buffer access - debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp (LP: #1923479) - CVE-2021-29457 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp (LP: #1923479) - CVE-2021-29458 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29463.patch: Improve bound checking in WebPImage::doWriteMetadata() in src/webpimage.cpp. - CVE-2021-29463 * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-29464.patch: better bounds checking in Jp2Image::encodeJp2Header() in src/jp2image.cpp. - CVE-2021-29464 * SECURITY UPDATE: Out-of-bounds - debian/patches/CVE-2021-29470.patch: Add more bound checks in Jp2Image::encodeJp2Header. - CVE-2021-29470 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2021-29473.patch: Add bounds check in Jp2Image::doWriteMetadata() in src/jp2image.cpp. - CVE-2021-29743 * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-3482.patch: fix buffer overflow in src/jp2image.cpp. - CVE-2021-3482 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 14 May 2021 09:53:39 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.2) focal-security; urgency=medium * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-3482-*.patch: fix buffer overflow in src/jp2image.cpp and adds tests test/data/poc_1522.jp2, tests/bugfixes/github/test_issue_1522.py. - debian/source/include-binaries: add poc_1522.jp2 entry. - CVE-2021-3482 * SECURITY UPDATE: An out of buffer access - debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp (LP: #1923479) - CVE-2021-29457 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp (LP: #1923479) - CVE-2021-29458 * SECURITY UPDATE: Out-of-bounds - debian/patches/CVE-2021-29470-*.patch: Add more bound checks in Jp2Image::encodeJp2Header and add some tests from/for github. - CVE-2021-29470 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 13 Apr 2021 09:49:39 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.7) bionic-security; urgency=medium * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-3482.patch: fix buffer overflow in src/jp2image.cpp. - CVE-2021-3482 * SECURITY UPDATE: An out of buffer access - debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp (LP: #1923479) - CVE-2021-29457 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp (LP: #1923479) - CVE-2021-29458 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 13 Apr 2021 13:24:50 -0300
Available diffs
exiv2 (0.27.3-3ubuntu1.1) hirsute-security; urgency=medium * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-3482-*.patch: fix buffer overflow in src/jp2image.cpp and adds tests test/data/poc_1522.jp2, tests/bugfixes/github/test_issue_1522.py. - debian/source/include-binaries: add poc_1522.jp2 entry. - CVE-2021-3482 * SECURITY UPDATE: An out of buffer access - debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp (LP: #1923479) - CVE-2021-29457 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp (LP: #1923479) - CVE-2021-29458 * SECURITY UPDATE: Out-of-bounds - debian/patches/CVE-2021-29470-*.patch: Add more bound checks in Jp2Image::encodeJp2Header and add some tests from/for github. - CVE-2021-29470 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 12 Apr 2021 14:47:29 -0300
Available diffs
exiv2 (0.27.3-3ubuntu0.2) groovy-security; urgency=medium * SECURITY UPDATE: Heap buffer overflow - debian/patches/CVE-2021-3482-*.patch: fix buffer overflow in src/jp2image.cpp and adds tests test/data/poc_1522.jp2, tests/bugfixes/github/test_issue_1522.py. - debian/source/include-binaries: add poc_1522.jp2 entry. - CVE-2021-3482 * SECURITY UPDATE: An out of buffer access - debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp (LP: #1923479) - CVE-2021-29457 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp (LP: #1923479) - CVE-2021-29458 * SECURITY UPDATE: Out-of-bounds - debian/patches/CVE-2021-29470-*.patch: Add more bound checks in Jp2Image::encodeJp2Header and add some tests from/for github. - CVE-2021-29470 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 12 Apr 2021 15:25:12 -0300
Available diffs
Superseded in impish-release |
Obsolete in hirsute-release |
Deleted in hirsute-proposed (Reason: Moved to hirsute) |
exiv2 (0.27.3-3ubuntu1) hirsute; urgency=medium * Mark symbols as optional not seen when building with lto. -- Matthias Klose <email address hidden> Mon, 22 Mar 2021 20:18:15 +0100
Available diffs
Superseded in hirsute-release |
Obsolete in groovy-release |
Deleted in groovy-proposed (Reason: moved to Release) |
exiv2 (0.27.3-3) unstable; urgency=medium * Team upload. * Update symbols file from the logs of buildds. -- Pino Toscano <email address hidden> Sun, 09 Aug 2020 07:15:23 +0200
Available diffs
Superseded in groovy-release |
Published in focal-release |
Deleted in focal-proposed (Reason: moved to Release) |
exiv2 (0.27.2-8ubuntu2) focal; urgency=medium * debian/patches/CVE-2019-17402.patch - reapply thanks to ricotz! - https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1715931/comments/12 -- Gianfranco Costamagna <email address hidden> Fri, 07 Feb 2020 08:39:09 +0100
Available diffs
exiv2 (0.25-4ubuntu2.2) eoan-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop in src/jp2image.cpp. - CVE-2019-20421 -- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 13:49:27 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.5) bionic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop in src/jp2image.cpp. - CVE-2019-20421 -- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 12:37:33 -0300
Available diffs
exiv2 (0.25-2.1ubuntu16.04.6) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop in src/jp2image.cpp. - CVE-2019-20421 -- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 11:42:12 -0300
Available diffs
Superseded in focal-proposed |
exiv2 (0.27.2-8ubuntu1) focal; urgency=medium * Mark one symbol as optional on s390x, disappeared with gcc-10 -- Gianfranco Costamagna <email address hidden> Tue, 04 Feb 2020 11:55:13 +0100
Available diffs
- diff from 0.27.2-8build1 to 0.27.2-8ubuntu1 (317 bytes)
Superseded in focal-proposed |
exiv2 (0.27.2-8build1) focal; urgency=medium * Mark one symbol as optional on s390x -- Gianfranco Costamagna <email address hidden> Tue, 04 Feb 2020 11:55:13 +0100
Available diffs
- diff from 0.27.2-8 (in Debian) to 0.27.2-8build1 (492 bytes)
exiv2 (0.27.2-8) unstable; urgency=medium * Team upload. * Update symbols file from the logs of buildds. * Merge useful changes from 0.25-4: - add Maximiliano Curia as Uploader - adjust version of dbgsym migration * Drop the python:native build dependency, as it is not used. (Closes: #936496) * Sort install files. * Move the static libexiv2-xmp.a from libexiv2-27 to libexiv2-dev, as it is needed only for development - add proper breaks/replaces * The current way to build the API documentation is suboptimal: even in -indep builds a an -arch build is forced; also the separate doc build requires a custom patch, Instead: - move the common arguments for cmake to a variable to avoid duplication - pass -DEXIV2_BUILD_DOC=ON to enable the documentation build, unless on -arch builds - pass -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/exiv2/html to cmake to change the installation directory of the documentation (mostly for the "html" part), and change libexiv2-doc.docs to pick it from that location - call the "doc" target in -indep builds - drop patch 0001-doc-only-build-target.patch, no more needed now * Remove patch numbers from patch files. * Backport upstream commits 4c28673b641d7eacb50baafb5c286f6900ce2002, and d4d4d766e9ade2376115eb41cc478eb195df1b39 to fix CVE-2019-9143 and CVE-2019-9144; patches Fix-issue-712.patch, and Add-comment-to-explain-choice-of-cut-off-value.patch. (Closes: #923472, #923473) * Backport upstream commit 1b917c3f7dd86336a9f6fda4456422c419dfe88c to fix CVE-2019-20421; patch Fix-1011-fix_1011_jp2_readmetadata_loop.patch. (Closes: #950183) * Add debian/source/include-binaries for the patches Fix-issue-712.patch, and Fix-1011-fix_1011_jp2_readmetadata_loop.patch, as they contain the binary testcases for the fixes. -- Pino Toscano <email address hidden> Thu, 30 Jan 2020 09:39:44 +0100
Available diffs
exiv2 (0.25-4ubuntu3) focal; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-17402.patch: check offset and size against total size in src/crwimage.cpp. - CVE-2019-17402 -- <email address hidden> (Leonidas S. Barbosa) Fri, 25 Oct 2019 14:20:11 -0300
Available diffs
- diff from 0.25-4ubuntu2 to 0.25-4ubuntu3 (1001 bytes)
exiv2 (0.25-4ubuntu2.1) eoan-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-17402.patch: check offset and size against total size in src/crwimage.cpp. - CVE-2019-17402 -- <email address hidden> (Leonidas S. Barbosa) Fri, 18 Oct 2019 09:53:38 -0300
Available diffs
exiv2 (0.25-4ubuntu1.2) disco-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-17402.patch: check offset and size against total size in src/crwimage.cpp. - CVE-2019-17402 -- <email address hidden> (Leonidas S. Barbosa) Thu, 17 Oct 2019 08:42:27 -0300
Available diffs
- diff from 0.25-4ubuntu1.1 to 0.25-4ubuntu1.2 (1017 bytes)
exiv2 (0.25-3.1ubuntu0.18.04.4) bionic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-17402.patch: check offset and size against total size in src/crwimage.cpp. - CVE-2019-17402 -- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Oct 2019 16:46:48 -0300
Available diffs
exiv2 (0.25-2.1ubuntu16.04.5) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-17402.patch: check offset and size against total size in src/crwimage.cpp. - CVE-2019-17402 -- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Oct 2019 16:29:07 -0300
Available diffs
Superseded in focal-release |
Obsolete in eoan-release |
Deleted in eoan-proposed (Reason: moved to release) |
exiv2 (0.25-4ubuntu2) eoan; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce() in src/enforce.hpp, use safe:add for preventing overflows in PSD files and enforce length of image resource section < file size in src/psdimage.cpp. - CVE-2018-19107 - CVE-2018-19108 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19535-*.patch: fixes in PngChunk::readRawProfile in src/pngchunk.cpp. - CVE-2018-19535 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13110.patch: avoid integer overflow in src/crwimage.cpp. - CVE-2019-13110 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13112.patch: add bound check on allocation size in src/pngchunk.cpp. - CVE-2019-13112 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13113.patch: throw an exception if the data location is invalid in src/crwimage.cpp, src/crwimage_int.hpp. - CVE-2019-13113 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13114.patch: avoid null pointer exception due to NULL return from strchr in src/http.cpp. - CVE-2019-13114 * Add error codes from src error in order to support CVE-2018-19535 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch -- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Jul 2019 11:49:42 -0300
Available diffs
- diff from 0.25-4ubuntu1 to 0.25-4ubuntu2 (6.3 KiB)
exiv2 (0.25-2.1ubuntu16.04.4) xenial-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce() in src/enforce.hpp, use safe:add for preventing overflows in PSD files and enforce length of image resource section < file size in src/psdimage.cpp. - CVE-2018-19107 - CVE-2018-19108 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19535-*.patch: fixes in PngChunk::readRawProfile in src/pngchunk.cpp. - CVE-2018-19535 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13110.patch: avoid integer overflow in src/crwimage.cpp. - CVE-2019-13110 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13112.patch: add bound check on allocation size in src/pngchunk.cpp. - CVE-2019-13112 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13113.patch: throw an exception if the data location is invalid in src/crwimage.cpp, src/crwimage_int.hpp. - CVE-2019-13113 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13114.patch: avoid null pointer exception due to NULL return from strchr in src/http.cpp. - CVE-2019-13114 * Add error codes from src error in order to support CVE-2018-19535 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch -- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 15:58:32 -0300
Available diffs
exiv2 (0.25-4ubuntu1.1) disco-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce() in src/enforce.hpp, use safe:add for preventing overflows in PSD files and enforce length of image resource section < file size in src/psdimage.cpp. - CVE-2018-19107 - CVE-2018-19108 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19535-*.patch: fixes in PngChunk::readRawProfile in src/pngchunk.cpp. - CVE-2018-19535 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13110.patch: avoid integer overflow in src/crwimage.cpp. - CVE-2019-13110 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13112.patch: add bound check on allocation size in src/pngchunk.cpp. - CVE-2019-13112 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13113.patch: throw an exception if the data location is invalid in src/crwimage.cpp, src/crwimage_int.hpp. - CVE-2019-13113 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13114.patch: avoid null pointer exception due to NULL return from strchr in src/http.cpp. - CVE-2019-13114 * Add error codes from src error in order to support CVE-2018-19535 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch -- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 15:20:16 -0300
Available diffs
exiv2 (0.25-4ubuntu0.2) cosmic-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce() in src/enforce.hpp, use safe:add for preventing overflows in PSD files and enforce length of image resource section < file size in src/psdimage.cpp. - CVE-2018-19107 - CVE-2018-19108 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19535-*.patch: fixes in PngChunk::readRawProfile in src/pngchunk.cpp. - CVE-2018-19535 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13110.patch: avoid integer overflow in src/crwimage.cpp. - CVE-2019-13110 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13112.patch: add bound check on allocation size in src/pngchunk.cpp. - CVE-2019-13112 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13113.patch: throw an exception if the data location is invalid in src/crwimage.cpp, src/crwimage_int.hpp. - CVE-2019-13113 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13114.patch: avoid null pointer exception due to NULL return from strchr in src/http.cpp. - CVE-2019-13114 * Add error codes from src error in order to support CVE-2018-19535 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch -- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 14:26:59 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.3) bionic-security; urgency=medium * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce() in src/enforce.hpp, use safe:add for preventing overflows in PSD files and enforce length of image resource section < file size in src/psdimage.cpp. - CVE-2018-19107 - CVE-2018-19108 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19535-*.patch: fixes in PngChunk::readRawProfile in src/pngchunk.cpp. - CVE-2018-19535 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13110.patch: avoid integer overflow in src/crwimage.cpp. - CVE-2019-13110 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13112.patch: add bound check on allocation size in src/pngchunk.cpp. - CVE-2019-13112 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13113.patch: throw an exception if the data location is invalid in src/crwimage.cpp, src/crwimage_int.hpp. - CVE-2019-13113 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13114.patch: avoid null pointer exception due to NULL return from strchr in src/http.cpp. - CVE-2019-13114 * Add error codes from src error in order to support CVE-2018-19535 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch -- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 08:59:47 -0300
Available diffs
Superseded in eoan-release |
Obsolete in disco-release |
Deleted in disco-proposed (Reason: moved to release) |
exiv2 (0.25-4ubuntu1) disco; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-11591.patch: fix in include/exiv2/value.hpp. - CVE-2017-11591 * SECURITY UPDATE: Remote denial of service - debian/patches/CVE-2017-11683.patch: fix in src/tiffvisitor.cpp. - CVE-2017-11683 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-14859_14862_14864.patch: fix in src/error.cpp, src/tiffvisitor.cpp. - CVE-2017-14859 - CVE-2017-14862 - CVE-2017-14864 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-17669.patch: fix in src/pngchunk.cpp. - CVE-2017-17669 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-17581.patch: fix in src/crwimage.cpp. - CVE-2018-17581 * SECURITY UPDATE: Denial of service - debian/patches/CVE-16336.patch: fix in src/pngchunk.cpp. - CVE-2018-16336 * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp. -- <email address hidden> (Leonidas S. Barbosa) Thu, 24 Jan 2019 13:15:19 -0300
Available diffs
exiv2 (0.25-4ubuntu0.1) cosmic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-11591.patch: fix in include/exiv2/value.hpp. - CVE-2017-11591 * SECURITY UPDATE: Remote denial of service - debian/patches/CVE-2017-11683.patch: fix in src/tiffvisitor.cpp. - CVE-2017-11683 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-14859_14862_14864.patch: fix in src/error.cpp, src/tiffvisitor.cpp. - CVE-2017-14859 - CVE-2017-14862 - CVE-2017-14864 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-17669.patch: fix in src/pngchunk.cpp. - CVE-2017-17669 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-17581.patch: fix in src/crwimage.cpp. - CVE-2018-17581 * SECURITY UPDATE: Denial of service - debian/patches/CVE-16336*.patch: fix in src/pngchunk.cpp. - CVE-2018-16336 * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp. -- <email address hidden> (Leonidas S. Barbosa) Wed, 09 Jan 2019 10:55:29 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.2) bionic-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-11591.patch: fix in include/exiv2/value.hpp. - CVE-2017-11591 * SECURITY UPDATE: Remote denial of service - debian/patches/CVE-2017-11683.patch: fix in src/tiffvisitor.cpp. - CVE-2017-11683 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-14859_14862_14864.patch: fix in src/error.cpp, src/tiffvisitor.cpp. - CVE-2017-14859 - CVE-2017-14862 - CVE-2017-14864 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-17669.patch: fix in src/pngchunk.cpp. - CVE-2017-17669 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-17581.patch: fix in src/crwimage.cpp. - CVE-2018-17581 * SECURITY UPDATE: Denial of service - debian/patches/CVE-16336*.patch: fix in src/pngchunk.cpp. - CVE-2018-16336 * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp. -- <email address hidden> (Leonidas S. Barbosa) Wed, 09 Jan 2019 09:23:30 -0300
Available diffs
exiv2 (0.25-2.1ubuntu16.04.3) xenial-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-11591.patch: fix in include/exiv2/value.hpp. - CVE-2017-11591 * SECURITY UPDATE: Remote denial of service - debian/patches/CVE-2017-11683.patch: fix in src/tiffvisitor.cpp. - CVE-2017-11683 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-14859_14862_14864.patch: fix in src/error.cpp, src/tiffvisitor.cpp. - CVE-2017-14859 - CVE-2017-14862 - CVE-2017-14864 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-17669.patch: fix in src/pngchunk.cpp. - CVE-2017-17669 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-9239.patch: fix in src/tiffcomposite.cpp. - CVE-2017-9239 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-17581.patch: fix in src/crwimage.cpp. - CVE-2018-17581 * SECURITY UPDATE: Denial of service - debian/patches/CVE-16336*.patch: fix in src/pngchunk.cpp. - CVE-2018-16336 * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp. -- <email address hidden> (Leonidas S. Barbosa) Tue, 08 Jan 2019 14:58:44 -0300
Available diffs
exiv2 (0.23-1ubuntu2.2) trusty-security; urgency=medium * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-11591.patch: fix in src/value.hpp. - CVE-2017-11591 * SECURITY UPDATE: Remote denial of service - debian/patches/CVE-2017-11683.patch: fix in src/tiffvisitor.cpp. - CVE-2017-11683 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-14859_14862_14864.patch: fix in src/error.cpp, src/tiffvisitor.cpp. - CVE-2017-14859 - CVE-2017-14862 - CVE-2017-14864 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-17669.patch: fix in src/pngchunk.cpp. - CVE-2017-17669 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2017-9239.patch: fix in src/tiffcomposite.cpp. - CVE-2017-9239 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-17581.patch: fix in src/crwimage.cpp. - CVE-2018-17581 * SECURITY UPDATE: Denial of service - debian/patches/CVE-16336*.patch: fix in src/pngchunk.cpp. - CVE-2018-16336 * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp. -- <email address hidden> (Leonidas S. Barbosa) Tue, 08 Jan 2019 13:38:56 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.17.10.1) artful-security; urgency=medium * SECURITY UPDATE: denial of service through memory exhaustion and a heap-based buffer over-read - debian/patches/CVE-2018-10958_10999*.patch - CVE-2018-10958 - CVE-2018-10999 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-10998.patch - CVE-2018-10998 * SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2018-11531*.patch - CVE-2018-11531 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-12264.patch - CVE-2018-12264 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-12265*.patch - CVE-2018-12265 -- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:40:41 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.1) bionic-security; urgency=medium * SECURITY UPDATE: denial of service through memory exhaustion and a heap-based buffer over-read - debian/patches/CVE-2018-10958_10999*.patch - CVE-2018-10958 - CVE-2018-10999 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-10998.patch - CVE-2018-10998 * SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2018-11531*.patch - CVE-2018-11531 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-12264.patch - CVE-2018-12264 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-12265*.patch - CVE-2018-12265 -- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:53:30 -0300
Available diffs
exiv2 (0.25-2.1ubuntu16.04.2) xenial-security; urgency=medium * SECURITY UPDATE: denial of service through memory exhaustion and a heap-based buffer over-read - debian/patches/CVE-2018-10958_10999*.patch - CVE-2018-10958 - CVE-2018-10999 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-10998.patch - CVE-2018-10998 * SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2018-11531*.patch - CVE-2018-11531 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-12264.patch - CVE-2018-12264 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-12265*.patch - CVE-2018-12265 -- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:31:21 -0300
Available diffs
exiv2 (0.23-1ubuntu2.1) trusty-security; urgency=medium * SECURITY UPDATE: denial of service through memory exhaustion and a heap-based buffer over-read - debian/patches/CVE-2018-10958_10999*.patch - CVE-2018-10958 - CVE-2018-10999 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-10998.patch - CVE-2018-10998 * SECURITY UPDATE: Heap-based buffer overflow - debian/patches/CVE-2018-11531*.patch - CVE-2018-11531 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-12264.patch - CVE-2018-12264 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-12265*.patch - CVE-2018-12265 -- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:20:45 -0300
Available diffs
Superseded in disco-release |
Obsolete in cosmic-release |
Deleted in cosmic-proposed (Reason: moved to release) |
exiv2 (0.25-4) unstable; urgency=medium [ Roberto C. Sanchez ] * CVE-2018-10958: denial of service through memory exhaustion and application crash by a crafted PNG image. * CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image. * CVE-2018-10998: denial of service through memory exhaustion and application crash by a crafted image. * CVE-2018-11531: a heap-based buffer overflow and application crash by a crafted image. * CVE-2018-12264: integer overflow leading to out of bounds read by a crafted image. (Closes: #901707) * CVE-2018-12265: integer overflow leading to out of bounds read by a crafted image. (Closes: #901706) [ Maximiliano Curia ] * Bump debhelper build-dep and compat to 11 * Bump to Standards-Version 4.1.4 * Update Vcs fields * Migrate to automatic dbgsym packages * Drop parallel and autotools_dev from dh call * Update watch file * Release to unstable -- Maximiliano Curia <email address hidden> Thu, 28 Jun 2018 18:05:24 +0200
Available diffs
- diff from 0.25-3.1 to 0.25-4 (11.0 KiB)
Superseded in cosmic-release |
Published in bionic-release |
Obsolete in artful-release |
Deleted in artful-proposed (Reason: moved to release) |
exiv2 (0.25-3.1) unstable; urgency=medium * Non-maintainer upload. * CVE-2017-9239 (Closes: #863410) -- Moritz Muehlenhoff <email address hidden> Mon, 05 Jun 2017 22:42:20 +0200
Available diffs
- diff from 0.25-3 to 0.25-3.1 (770 bytes)
exiv2 (0.25-2.1ubuntu16.04.1) xenial; urgency=medium * SRU 0.25-3 to Ubuntu xenial (LP: #1584853) [ Norbert Preining ] * Fix crashes on Casio images files (upstream cherry pick) (Closes: #814051) * mention XMP in the description (Closes: #790784) -- Gianfranco Costamagna <email address hidden> Tue, 28 Feb 2017 12:17:15 +0100
Available diffs
Superseded in artful-release |
Obsolete in zesty-release |
Obsolete in yakkety-release |
Deleted in yakkety-proposed (Reason: moved to release) |
exiv2 (0.25-3) unstable; urgency=medium [ Norbert Preining ] * Fix crashes on Casio images files (upstream cherry pick) (Closes: #814051) * mention XMP in the description (Closes: #790784) -- Norbert Preining <email address hidden> Tue, 17 May 2016 23:08:21 +0900
Available diffs
- diff from 0.25-2.1 to 0.25-3 (1.2 KiB)
Superseded in yakkety-release |
Published in xenial-release |
Deleted in xenial-proposed (Reason: moved to release) |
exiv2 (0.25-2.1) unstable; urgency=medium * Non-maintainer upload * Fix symbol files for amd64/mips64el/sparc64/sh4 (Closes: #799611). -- YunQiang Su <email address hidden> Thu, 08 Oct 2015 14:39:02 +0800
Available diffs
Superseded in xenial-release |
Obsolete in wily-release |
Deleted in wily-proposed (Reason: moved to release) |
exiv2 (0.25-1ubuntu1) wily; urgency=medium * Temporarily drop the broken .symbols file. It was just introduced in 0.25.1, but needs to be adjusted for all architectures. -- Martin Pitt <email address hidden> Wed, 05 Aug 2015 16:59:51 +0200
Available diffs
- diff from 0.24-4.1 (in Debian) to 0.25-1ubuntu1 (3.7 MiB)
- diff from 0.25-1 to 0.25-1ubuntu1 (8.5 KiB)
exiv2 (0.25-1) unstable; urgency=medium [ Pino Toscano ] * libexiv2-dev: stop again depending on pkg-config, as this is no more needed now (for real this time). [ Maximiliano Curia ] * New upstream release (0.25). (Closes: #789956) * Refresh patch: libtool_update.diff * Remove upstream applied patch: CVE-2014-9449.patch * Bump Standards-Version to 3.9.6, no changes needed. * Update copyright information. -- Martin Pitt <email address hidden> Wed, 05 Aug 2015 13:07:18 +0200
Available diffs
Superseded in wily-proposed |
exiv2 (0.24-4.1ubuntu1~gcc5) wily; urgency=medium * Renamed library for gcc5 transition (Closes: #791030) -- Martin Pitt <email address hidden> Thu, 30 Jul 2015 12:46:17 +0200
Available diffs
Superseded in wily-release |
Obsolete in vivid-release |
Deleted in vivid-proposed (Reason: moved to release) |
exiv2 (0.24-4.1) unstable; urgency=medium * Non-maintainer upload. * Add CVE-2014-9449.patch patch. CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler Thanks to Klaus Ethgen <email address hidden> (Closes: #773846) -- Salvatore Bonaccorso <email address hidden> Wed, 07 Jan 2015 20:25:48 +0100
Available diffs
exiv2 (0.24-2ubuntu1.1) utopic-security; urgency=medium * SECURITY UPDATE: denial of service via buffer overflow - debian/patches/CVE-2014-9449.patch: fix overflow in src/riffvideo.cpp. - CVE-2014-9449 -- Marc Deslauriers <email address hidden> Mon, 05 Jan 2015 12:12:02 -0500
Available diffs
exiv2 (0.24-4ubuntu1) vivid; urgency=medium * SECURITY UPDATE: denial of service via buffer overflow - debian/patches/CVE-2014-9449.patch: fix overflow in src/riffvideo.cpp. - CVE-2014-9449 -- Marc Deslauriers <email address hidden> Mon, 05 Jan 2015 12:06:10 -0500
Available diffs
exiv2 (0.24-4) unstable; urgency=medium * Team upload. * Upload to unstable. (See #732957) * Re-add the pkg-config dependency in libexiv2-dev, as there is still one source relying on it. -- Pino Toscano <email address hidden> Fri, 05 Sep 2014 23:22:40 +0200
Available diffs
Superseded in vivid-release |
Obsolete in utopic-release |
Deleted in utopic-proposed (Reason: moved to release) |
exiv2 (0.24-2ubuntu1) utopic; urgency=medium * Rebase on Debian, remaining Ubuntu changes: (LP: #1269181) * debian/patches/libtool-ppc64el.diff: - Apply libtool patch for powerpc*le-linux support, copied from libtool 2.4.2-1.3ubuntu2. * debian/patches/config-updates.diff: - Update config.{guess,sub} for AArch64. -- Robert Ancell <email address hidden> Fri, 04 Jul 2014 11:46:22 +1200
Available diffs
- diff from 0.23-1ubuntu2 to 0.24-2ubuntu1 (2.4 MiB)
Superseded in utopic-release |
Published in trusty-release |
Deleted in trusty-proposed (Reason: moved to release) |
exiv2 (0.23-1ubuntu2) trusty; urgency=low * Apply libtool patch for powerpc*le-linux support, copied from libtool 2.4.2-1.3ubuntu2. -- Colin Watson <email address hidden> Tue, 17 Dec 2013 11:57:20 +0000
Available diffs
- diff from 0.23-1ubuntu1 to 0.23-1ubuntu2 (1.2 KiB)
Superseded in trusty-release |
Obsolete in saucy-release |
Deleted in saucy-proposed (Reason: moved to release) |
exiv2 (0.23-1ubuntu1) saucy; urgency=low * Update config.{guess,sub} for AArch64. -- Matthias Klose <email address hidden> Wed, 09 Oct 2013 20:14:39 +0200
Available diffs
exiv2 (0.23-1) unstable; urgency=low * New upstream release - Fixes "Support for .cr2 RAW files" (Closes: #665736) * NEW package libexiv2-12 - match soname * Drop spelling-error-in-binary.diff - included upstream * Drop spelling-error-in-manpage.diff - included upstream * Upload to unstable - coordinated through debian release - Fixes "please package 0.21 or newer to unstable" (Closes: #650516) * Update to Standard 3.9.3 - no changes necessary -- Mark Purcell <email address hidden> Sat, 05 May 2012 09:31:28 +1000
Available diffs
- diff from 0.22-2 to 0.23-1 (668.9 KiB)
exiv2 (0.22-2) experimental; urgency=low * dh_auto_configure $(shell dpkg-buildflags --export=configure) - Fixes "Please enabled hardened build flags" (Closes: #656356) * dh-linktree - fixes libexiv2-doc: embedded-javascript-library * Update debian/copyright GPL-2 - copyright-refers-to-symlink-license * Fix spelling-error-in-manpage exiv2.1.gz explicitely explicitly * Fix spelling-error-in-binary * Switch to dh_bugfiles * Add samples/ to libexiv2-doc/examples * Fixed "Lib not recommend exiv2" changes to Suggests: (Closes: #615137) -- Mark Purcell <email address hidden> Wed, 25 Jan 2012 07:16:15 +1100
Available diffs
- diff from 0.22-1 to 0.22-2 (3.0 KiB)
exiv2 (0.22-1) experimental; urgency=low * New upstream release * NEW Package libexiv2-11 - soname bump * Drop usr/lib/libexiv2.la non-empty-dependency_libs-in-la-file * Ack NMU, Thanks Luk (Closes: #618747) -- Mark Purcell <email address hidden> Sat, 24 Sep 2011 14:28:30 +1000
exiv2 (0.21.1-0ubuntu2) natty; urgency=low * debian/rules: delete the content of dependency_libs in la file to avoid having to rebuild this package if the path of the libs changes. This fixes also FTBFS in packages that b-d on libexiv2-dev because of incorrect reference of libexpat.la. (LP: #737340) -- Fabrice Coutadeur <email address hidden> Fri, 18 Mar 2011 05:17:26 +0000
Available diffs
- diff from 0.21.1-0ubuntu1 to 0.21.1-0ubuntu2 (987 bytes)
Superseded in natty-release |
exiv2 (0.21.1-0ubuntu1) natty; urgency=low * New upstream release * debian/patches/01_multiple_tags.patch: - Applied upstream -- Robert Ancell <email address hidden> Tue, 15 Feb 2011 11:32:10 +1100
Available diffs
- diff from 0.21-0ubuntu2 to 0.21.1-0ubuntu1 (233.6 KiB)
Superseded in natty-release |
exiv2 (0.21-0ubuntu2) natty; urgency=low * debian/patches/01_multiple_tags.patch: - Fix crash with multiple tags -- Robert Ancell <email address hidden> Wed, 02 Feb 2011 09:29:11 +1100
Available diffs
- diff from 0.21-0ubuntu1 to 0.21-0ubuntu2 (2.1 KiB)
1 → 75 of 102 results | First • Previous • Next • Last |