Change log for exiv2 package in Ubuntu
| 1 → 75 of 102 results | First • Previous • Next • Last |
| Published in oracular-release |
| Published in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
exiv2 (0.27.6-1build1) noble; urgency=high * No change rebuild for 64-bit time_t and frame pointers. -- Julian Andres Klode <email address hidden> Mon, 08 Apr 2024 17:57:19 +0200
Available diffs
- diff from 0.27.6-1 (in Debian) to 0.27.6-1build1 (553 bytes)
| Superseded in noble-release |
| Published in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
exiv2 (0.27.6-1) unstable; urgency=medium
* Team upload.
* New upstream release.
* Update standards version to 4.6.2, no changes needed.
* Update Vcs-* fields.
* Use execute_after_dh_* to avoid invoking dh_* manually
* Execute chrpath right after dh_auto_install, rather than after dh_install.
* Update the build dependencies according to the upstream build system:
- bump cmake to 3.7.2
* Remove non-existing file from copyright.
* Rename debian/docs to debian/exiv2.docs, to make it clearer (and consistent
with other files) to which package it refers to.
-- Pino Toscano <email address hidden> Sat, 28 Jan 2023 11:45:47 +0100
Available diffs
- diff from 0.27.5-4 to 0.27.6-1 (46.4 KiB)
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
exiv2 (0.27.5-4) unstable; urgency=medium * Team upload. [ Sandro Knauß ] * Update symbol file for gcc-12 (Closes: #1012920). * Update Standards-Version to 4.6.1 (No changes needed). * Update symbols for link time optimation (Closes: #1015399). -- Sandro Knauß <email address hidden> Mon, 22 Aug 2022 14:33:14 +0200
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
exiv2 (0.27.5-3ubuntu1) jammy; urgency=medium * Sync with Debian (LP: #1959508). Remaining change: - Mark symbols as optional not seen when building with lto
Available diffs
exiv2 (0.27.5-1ubuntu1) jammy; urgency=medium
* Sync with Debian. Remaining change:
- Mark symbols as optional not seen when building with lto
* Mark additional symbols as optional not seen on latest Ubuntu build
Available diffs
- diff from 0.27.3-3.1ubuntu1 to 0.27.5-1ubuntu1 (438.8 KiB)
exiv2 (0.27.3-3ubuntu4.1) impish-security; urgency=medium
* SECURITY REGRESSION: out of range access that may cause a crash
- debian/patches/CVE-2021-37620-4.patch: fix out of range access that may
cause a crash (LP: #1941752)
- debian/patches/CVE-2021-37620-5.patch: backport to C++98 (a str.pop_back
that was added in C++11)
- Thanks Simon Schmeißer
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 10 Jan 2022 10:28:12 -0300
Available diffs
exiv2 (0.27.3-3ubuntu1.6) hirsute-security; urgency=medium
* SECURITY REGRESSION: out of range access that may cause a crash
- debian/patches/CVE-2021-37620-4.patch: fix out of range access that may
cause a crash (LP: #1941752)
- debian/patches/CVE-2021-37620-5.patch: backport to C++98 (a str.pop_back
that was added in C++11)
- Thanks Simon Schmeißer
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 10 Jan 2022 10:22:10 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.7) focal-security; urgency=medium
* SECURITY REGRESSION: fix out of range access
* Bugfix: Fix regression introduced when fixing CVE-2021-37620 (LP:
#1941752)
- debian/patches/CVE-2021-37620-4.patch: fix out of range access
- debian/patches/CVE-2021-37620-5.patch: backport to C++98
-- Simon Schmeißer <email address hidden> Thu, 30 Dec 2021 21:40:13 +0100
Available diffs
exiv2 (0.27.3-3.1ubuntu1) jammy; urgency=medium * Merge with Debian. -- Robert Ancell <email address hidden> Wed, 17 Nov 2021 10:45:25 +1300
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
exiv2 (0.27.3-3ubuntu4) impish; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32815-*.patch: adds a check of sizes, adds
regression test, adds msgs prints for DEBUG flags in
src/crwimage_int.cpp.
- CVE-2021-32815
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-34334-*.patch: adds regression test, adds
an extra checking to prevent the loop counter from wrapping around in
crwimage_int.cpp; adds defensive code to avoid integer overflow in loop
conditions in src/actions.cpp, src/basicio.cpp, src/convert.cpp,
src/exif.cpp, src/exvi2.cpp, src/iptc.cpp, src/preview.cpp,
src/tags_int.cpp, src/tiffcomposite_int.cpp, src/types.cpp,
src/xmp.cpp, src/xmpsidecar.cpp; adds a better fix for a potential
integer overflow in bytes.size() in src/iptc.cpp; changes type of
escapeStart to size_t in src/exiv2.cpp; fix warning comparison of
integer expressions of different signedness in src/iptc.cpp,
src/tags_int.cpp.
- CVE-2021-34334
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-34335-*.patch: adds regression test;
prevent divide-by-zero crash in src/minoltamn_int.cpp; adds defensive
code in include/exiv2/value.hpp, src/tags_int.cpp.
- CVE-2021-34335
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-37615-37616-*.patch: adds regression test;
throw exception if lens info wasn't found in src/pentaxmn_int.cpp;
adds a check to findKey din't return end() in src/convert.cpp,
src/crwimage_int.cpp, src/exif.cpp, src/iptc.cpp, src/xmp.cpp.
- CVE-2021-37615
- CVE-2021-37616
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37618-*.patch: adds regression test; adds
a better bounds checking for Jp2Image::printStructure in
src/jp2image.cpp.
- CVE-2021-37618
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37619-*.patch: adds regression test;
fix incorrect loop condition in src/jp2image.cpp.
- CVE-2021-37619
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37620-*.patch: adds regression test;
check that type ins't an empty string in src/values.cpp and
adds safer vector indexing in multiples files in src/*.
- CVE-2021-37620
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2021-37621-*.patch: adds regression test;
checks dirlength to avoid infinite loop and adds some defensive code in
src/image.cpp.
- CVE-2021-37621
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2021-37622-*.patch: adds regression test; makes sure
that read is complete to prevent infinite loop and remove dedundant
check in src/jpgimage.cpp.
- CVE-2021-37622
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-37623-1.patch: adds regression test.
- debian/patches/CVE-2021-37623-2.patch: adjusts bufRead after seek() in
src/jpgimage.cpp.
- debian/patches/CVE-2021-37623-3.patch: improves handling of jpg segments
to avoid out-of-bound in src/jpgimage.cpp, test/data/icc-test.out,
tests/bugfixes/redmine/test_issue_1247.py.
- debian/patches/CVE-2021-37623-4.patch: fix a compiler warning in
src/jpgimage.cpp.
- debian/patches/CVE-2021-37623-5.patch: updates src/jpgimage.cpp.
- debian/patches/CVE-2021-37623-6.patch: fix poc tests.
- debian/patches/CVE-2021-37623-7.patch: Adds comments to explain
bounds-check in src/jpgimage.cpp.
- CVE-2021-37623
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 11 Aug 2021 15:13:27 -0300
Available diffs
- diff from 0.27.3-3ubuntu3 to 0.27.3-3ubuntu4 (128.7 KiB)
exiv2 (0.25-3.1ubuntu0.18.04.11) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32815-*.patch: adds a check of sizes
adds msgs prints for DEBUG flags in
src/crwimage_int.cpp.
- CVE-2021-32815
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-34334-*.patch: adds
an extra checking to prevent the loop counter from wrapping around in
crwimage.cpp; changes type of escapeStart to size_t in src/exiv2.cpp;
- CVE-2021-34334
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37620-*.patch:
check that type isn't an empty string in src/values.cpp and
adds safer vector indexing in multiples files in src/*.
- CVE-2021-37620
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2021-37622-*.patch: makes sure
that read is complete to prevent infinite loop and remove dedundant
check in src/jpgimage.cpp.
- CVE-2021-37622
* debian/patches/fix_enforce_include.patch: includes enforce in
crwimage.cpp.
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 16 Aug 2021 12:16:38 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.6) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32815-*.patch: adds a check of sizes, adds
regression test, adds msgs prints for DEBUG flags in
src/crwimage_int.cpp.
- CVE-2021-32815
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-34334-*.patch: adds regression test, adds
an extra checking to prevent the loop counter from wrapping around in
crwimage_int.cpp; adds defensive code to avoid integer overflow in loop
conditions in src/actions.cpp, src/basicio.cpp, src/convert.cpp,
src/exif.cpp, src/exvi2.cpp, src/iptc.cpp, src/preview.cpp,
src/tags_int.cpp, src/tiffcomposite_int.cpp, src/types.cpp,
src/xmp.cpp, src/xmpsidecar.cpp; adds a better fix for a potential
integer overflow in bytes.size() in src/iptc.cpp; changes type of
escapeStart to size_t in src/exiv2.cpp; fix warning comparison of
integer expressions of different signedness in src/iptc.cpp,
src/tags_int.cpp.
- CVE-2021-34334
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-34335-*.patch: adds regression test;
prevent divide-by-zero crash in src/minoltamn_int.cpp; adds defensive
code in include/exiv2/value.hpp, src/tags_int.cpp.
- CVE-2021-34335
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-37615-37616-*.patch: adds regression test;
throw exception if lens info wasn't found in src/pentaxmn_int.cpp;
adds a check to findKey din't return end() in src/convert.cpp,
src/crwimage_int.cpp, src/exif.cpp, src/iptc.cpp, src/xmp.cpp.
- CVE-2021-37615
- CVE-2021-37616
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37618-*.patch: adds regression test; adds
a better bounds checking for Jp2Image::printStructure in
src/jp2image.cpp.
- CVE-2021-37618
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37619-*.patch: adds regression test;
fix incorrect loop condition in src/jp2image.cpp.
- CVE-2021-37619
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37620-*.patch: adds regression test;
check that type isn't an empty string in src/values.cpp and
adds safer vector indexing in multiples files in src/*.
- CVE-2021-37620
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2021-37621-*.patch: adds regression test;
checks dirlength to avoid infinite loop and adds some defensive code in
src/image.cpp.
- CVE-2021-37621
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2021-37622-*.patch: adds regression test; makes sure
that read is complete to prevent infinite loop and remove dedundant
check in src/jpgimage.cpp.
- CVE-2021-37622
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-37623-1.patch: adds regression test.
- debian/patches/CVE-2021-37623-2.patch: adjusts bufRead after seek() to
avoid a infinite loop in src/jpgimage.cpp.
- CVE-2021-37623
* debian/patches/fix_enforce_include.patch: includes enforce in
crwimage_int.cpp.
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 12 Aug 2021 13:18:13 -0300
Available diffs
- diff from 0.27.2-8ubuntu2.5 to 0.27.2-8ubuntu2.6 (117.7 KiB)
exiv2 (0.27.3-3ubuntu1.5) hirsute-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32815-*.patch: adds a check of sizes, adds
regression test, adds msgs prints for DEBUG flags in
src/crwimage_int.cpp.
- CVE-2021-32815
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-34334-*.patch: adds regression test, adds
an extra checking to prevent the loop counter from wrapping around in
crwimage_int.cpp; adds defensive code to avoid integer overflow in loop
conditions in src/actions.cpp, src/basicio.cpp, src/convert.cpp,
src/exif.cpp, src/exvi2.cpp, src/iptc.cpp, src/preview.cpp,
src/tags_int.cpp, src/tiffcomposite_int.cpp, src/types.cpp,
src/xmp.cpp, src/xmpsidecar.cpp; adds a better fix for a potential
integer overflow in bytes.size() in src/iptc.cpp; changes type of
escapeStart to size_t in src/exiv2.cpp; fix warning comparison of
integer expressions of different signedness in src/iptc.cpp,
src/tags_int.cpp.
- CVE-2021-34334
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-34335-*.patch: adds regression test;
prevent divide-by-zero crash in src/minoltamn_int.cpp; adds defensive
code in include/exiv2/value.hpp, src/tags_int.cpp.
- CVE-2021-34335
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-37615-37616-*.patch: adds regression test;
throw exception if lens info wasn't found in src/pentaxmn_int.cpp;
adds a check to findKey din't return end() in src/convert.cpp,
src/crwimage_int.cpp, src/exif.cpp, src/iptc.cpp, src/xmp.cpp.
- CVE-2021-37615
- CVE-2021-37616
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37618-*.patch: adds regression test; adds
a better bounds checking for Jp2Image::printStructure in
src/jp2image.cpp.
- CVE-2021-37618
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37619-*.patch: adds regression test;
fix incorrect loop condition in src/jp2image.cpp.
- CVE-2021-37619
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2021-37620-*.patch: adds regression test;
check that type ins't an empty string in src/values.cpp and
adds safer vector indexing in multiples files in src/*.
- CVE-2021-37620
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2021-37621-*.patch: adds regression test;
checks dirlength to avoid infinite loop and adds some defensive code in
src/image.cpp.
- CVE-2021-37621
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2021-37622-*.patch: adds regression test; makes sure
that read is complete to prevent infinite loop and remove dedundant
check in src/jpgimage.cpp.
- CVE-2021-37622
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-37623-1.patch: adds regression test.
- debian/patches/CVE-2021-37623-2.patch: adjusts bufRead after seek() in
src/jpgimage.cpp.
- debian/patches/CVE-2021-37623-3.patch: improves handling of jpg segments
to avoid out-of-bound in src/jpgimage.cpp, test/data/icc-test.out,
tests/bugfixes/redmine/test_issue_1247.py.
- debian/patches/CVE-2021-37623-4.patch: fix a compiler warning in
src/jpgimage.cpp.
- debian/patches/CVE-2021-37623-5.patch: updates src/jpgimage.cpp.
- debian/patches/CVE-2021-37623-6.patch: fix poc tests.
- debian/patches/CVE-2021-37623-7.patch: Adds comments to explain
bounds-check in src/jpgimage.cpp.
- CVE-2021-37623
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 12 Aug 2021 10:18:53 -0300
Available diffs
- diff from 0.27.3-3ubuntu1.4 to 0.27.3-3ubuntu1.5 (128.8 KiB)
exiv2 (0.27.3-3ubuntu3) impish; urgency=medium
* SECURITY UPDATE: Leak bytes of stack memory
- debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error
conditions of iIo.read() src/webpimage.cpp.
- CVE-2021-29623
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
in xmpsdk/src/XMPMeta-Parse.cpp.
- CVE-2021-32617
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit
and throw exception in case box is broken in src/jp2image.cpp.
- CVE-2021-31291
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 11:43:24 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.10) bionic-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit
and throw exception in case box is broken in src/jp2image.cpp.
- CVE-2021-31291
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 14:45:08 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.5) focal-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit
and throw exception in case box is broken in src/jp2image.cpp.
- CVE-2021-31291
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 12:23:12 -0300
Available diffs
- diff from 0.27.2-8ubuntu2.4 to 0.27.2-8ubuntu2.5 (930 bytes)
exiv2 (0.27.3-3ubuntu1.4) hirsute-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2021-31291.patch: fix out of buffer checking limit
and throw exception in case box is broken in src/jp2image.cpp.
- CVE-2021-31291
-- Leonidas Da Silva Barbosa <email address hidden> Wed, 28 Jul 2021 12:13:39 -0300
Available diffs
- diff from 0.27.3-3ubuntu1.3 to 0.27.3-3ubuntu1.4 (938 bytes)
exiv2 (0.25-3.1ubuntu0.18.04.9) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29473.patch: Add bounds check in
Jp2Image::doWriteMetadata() in src/jp2image.cpp.
- CVE-2021-29473
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
in xmpsdk/src/XMPMeta-Parse.cpp.
- CVE-2021-32617
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 12:10:13 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.4) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29463.patch: Improve bound checking in
WebPImage::doWriteMetadata() in src/webpimage.cpp.
- CVE-2021-29463
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-29464.patch: better bounds checking in
Jp2Image::encodeJp2Header() in src/jp2image.cpp.
- CVE-2021-29464
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29473.patch: Add bounds check in
Jp2Image::doWriteMetadata() in src/jp2image.cpp.
- CVE-2021-29473
* SECURITY UPDATE: Leak bytes of stack memory
- debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error
conditions of iIo.read() src/webpimage.cpp.
- CVE-2021-29623
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
in xmpsdk/src/XMPMeta-Parse.cpp.
- CVE-2021-32617
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 10:52:19 -0300
Available diffs
exiv2 (0.27.3-3ubuntu0.4) groovy-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29463.patch: Improve bound checking in
WebPImage::doWriteMetadata() in src/webpimage.cpp.
- CVE-2021-29463
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-29464.patch: better bounds checking in
Jp2Image::encodeJp2Header() in src/jp2image.cpp.
- CVE-2021-29464
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29473.patch: Add bounds check in
Jp2Image::doWriteMetadata() in src/jp2image.cpp.
- CVE-2021-29473
* SECURITY UPDATE: Leak bytes of stack memory
- debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error
conditions of iIo.read() src/webpimage.cpp.
- CVE-2021-29623
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
in xmpsdk/src/XMPMeta-Parse.cpp.
- CVE-2021-32617
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 10:29:52 -0300
Available diffs
exiv2 (0.27.3-3ubuntu1.3) hirsute-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29463.patch: Improve bound checking in
WebPImage::doWriteMetadata() in src/webpimage.cpp.
- CVE-2021-29463
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-29464.patch: better bounds checking in
Jp2Image::encodeJp2Header() in src/jp2image.cpp.
- CVE-2021-29464
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29473.patch: Add bounds check in
Jp2Image::doWriteMetadata() in src/jp2image.cpp.
- CVE-2021-29473
* SECURITY UPDATE: Leak bytes of stack memory
- debian/patches/CVE-2021-29623.patch: Use readOrThrow to check error
conditions of iIo.read() src/webpimage.cpp.
- CVE-2021-29623
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-32617.patch: Fix quadratic complexity performance bug
in xmpsdk/src/XMPMeta-Parse.cpp.
- CVE-2021-32617
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 May 2021 09:59:46 -0300
Available diffs
exiv2 (0.27.3-3ubuntu2) impish; urgency=medium
* SECURITY UPDATE: An out of buffer access
- debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
(LP: #1923479)
- CVE-2021-29457
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
(LP: #1923479)
- CVE-2021-29458
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29463.patch: Improve bound checking in
WebPImage::doWriteMetadata() in src/webpimage.cpp.
- CVE-2021-29463
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-29464.patch: better bounds checking in
Jp2Image::encodeJp2Header() in src/jp2image.cpp.
- CVE-2021-29464
* SECURITY UPDATE: Out-of-bounds
- debian/patches/CVE-2021-29470.patch: Add more bound checks in
Jp2Image::encodeJp2Header.
- CVE-2021-29470
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2021-29473.patch: Add bounds check in
Jp2Image::doWriteMetadata() in src/jp2image.cpp.
- CVE-2021-29743
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-3482.patch: fix buffer overflow
in src/jp2image.cpp.
- CVE-2021-3482
-- Leonidas Da Silva Barbosa <email address hidden> Fri, 14 May 2021 09:53:39 -0300
Available diffs
exiv2 (0.27.2-8ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-3482-*.patch: fix buffer overflow
in src/jp2image.cpp and adds tests test/data/poc_1522.jp2,
tests/bugfixes/github/test_issue_1522.py.
- debian/source/include-binaries: add poc_1522.jp2 entry.
- CVE-2021-3482
* SECURITY UPDATE: An out of buffer access
- debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
(LP: #1923479)
- CVE-2021-29457
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
(LP: #1923479)
- CVE-2021-29458
* SECURITY UPDATE: Out-of-bounds
- debian/patches/CVE-2021-29470-*.patch: Add more bound checks in
Jp2Image::encodeJp2Header and add some tests from/for github.
- CVE-2021-29470
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 13 Apr 2021 09:49:39 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.7) bionic-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-3482.patch: fix buffer overflow
in src/jp2image.cpp.
- CVE-2021-3482
* SECURITY UPDATE: An out of buffer access
- debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
(LP: #1923479)
- CVE-2021-29457
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
(LP: #1923479)
- CVE-2021-29458
-- Leonidas Da Silva Barbosa <email address hidden> Tue, 13 Apr 2021 13:24:50 -0300
Available diffs
exiv2 (0.27.3-3ubuntu1.1) hirsute-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-3482-*.patch: fix buffer overflow
in src/jp2image.cpp and adds tests test/data/poc_1522.jp2,
tests/bugfixes/github/test_issue_1522.py.
- debian/source/include-binaries: add poc_1522.jp2 entry.
- CVE-2021-3482
* SECURITY UPDATE: An out of buffer access
- debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
(LP: #1923479)
- CVE-2021-29457
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
(LP: #1923479)
- CVE-2021-29458
* SECURITY UPDATE: Out-of-bounds
- debian/patches/CVE-2021-29470-*.patch: Add more bound checks in
Jp2Image::encodeJp2Header and add some tests from/for github.
- CVE-2021-29470
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 12 Apr 2021 14:47:29 -0300
Available diffs
exiv2 (0.27.3-3ubuntu0.2) groovy-security; urgency=medium
* SECURITY UPDATE: Heap buffer overflow
- debian/patches/CVE-2021-3482-*.patch: fix buffer overflow
in src/jp2image.cpp and adds tests test/data/poc_1522.jp2,
tests/bugfixes/github/test_issue_1522.py.
- debian/source/include-binaries: add poc_1522.jp2 entry.
- CVE-2021-3482
* SECURITY UPDATE: An out of buffer access
- debian/patches/CVE-2021-29457.patch: fix in src/jp2image.cpp
(LP: #1923479)
- CVE-2021-29457
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2021-29458.patch: fix in src/crwimage_int.cpp
(LP: #1923479)
- CVE-2021-29458
* SECURITY UPDATE: Out-of-bounds
- debian/patches/CVE-2021-29470-*.patch: Add more bound checks in
Jp2Image::encodeJp2Header and add some tests from/for github.
- CVE-2021-29470
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 12 Apr 2021 15:25:12 -0300
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: Moved to hirsute) |
exiv2 (0.27.3-3ubuntu1) hirsute; urgency=medium * Mark symbols as optional not seen when building with lto. -- Matthias Klose <email address hidden> Mon, 22 Mar 2021 20:18:15 +0100
Available diffs
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
exiv2 (0.27.3-3) unstable; urgency=medium * Team upload. * Update symbols file from the logs of buildds. -- Pino Toscano <email address hidden> Sun, 09 Aug 2020 07:15:23 +0200
Available diffs
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
exiv2 (0.27.2-8ubuntu2) focal; urgency=medium
* debian/patches/CVE-2019-17402.patch
- reapply thanks to ricotz!
- https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1715931/comments/12
-- Gianfranco Costamagna <email address hidden> Fri, 07 Feb 2020 08:39:09 +0100
Available diffs
exiv2 (0.25-4ubuntu2.2) eoan-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
in src/jp2image.cpp.
- CVE-2019-20421
-- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 13:49:27 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.5) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
in src/jp2image.cpp.
- CVE-2019-20421
-- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 12:37:33 -0300
Available diffs
exiv2 (0.25-2.1ubuntu16.04.6) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
in src/jp2image.cpp.
- CVE-2019-20421
-- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 11:42:12 -0300
Available diffs
| Superseded in focal-proposed |
exiv2 (0.27.2-8ubuntu1) focal; urgency=medium * Mark one symbol as optional on s390x, disappeared with gcc-10 -- Gianfranco Costamagna <email address hidden> Tue, 04 Feb 2020 11:55:13 +0100
Available diffs
- diff from 0.27.2-8build1 to 0.27.2-8ubuntu1 (317 bytes)
| Superseded in focal-proposed |
exiv2 (0.27.2-8build1) focal; urgency=medium * Mark one symbol as optional on s390x -- Gianfranco Costamagna <email address hidden> Tue, 04 Feb 2020 11:55:13 +0100
Available diffs
- diff from 0.27.2-8 (in Debian) to 0.27.2-8build1 (492 bytes)
exiv2 (0.27.2-8) unstable; urgency=medium
* Team upload.
* Update symbols file from the logs of buildds.
* Merge useful changes from 0.25-4:
- add Maximiliano Curia as Uploader
- adjust version of dbgsym migration
* Drop the python:native build dependency, as it is not used.
(Closes: #936496)
* Sort install files.
* Move the static libexiv2-xmp.a from libexiv2-27 to libexiv2-dev, as it is
needed only for development
- add proper breaks/replaces
* The current way to build the API documentation is suboptimal: even in
-indep builds a an -arch build is forced; also the separate doc build
requires a custom patch, Instead:
- move the common arguments for cmake to a variable to avoid duplication
- pass -DEXIV2_BUILD_DOC=ON to enable the documentation build, unless on
-arch builds
- pass -DCMAKE_INSTALL_DOCDIR=/usr/share/doc/exiv2/html to cmake to change
the installation directory of the documentation (mostly for the "html"
part), and change libexiv2-doc.docs to pick it from that location
- call the "doc" target in -indep builds
- drop patch 0001-doc-only-build-target.patch, no more needed now
* Remove patch numbers from patch files.
* Backport upstream commits 4c28673b641d7eacb50baafb5c286f6900ce2002, and
d4d4d766e9ade2376115eb41cc478eb195df1b39 to fix CVE-2019-9143 and
CVE-2019-9144; patches Fix-issue-712.patch, and
Add-comment-to-explain-choice-of-cut-off-value.patch.
(Closes: #923472, #923473)
* Backport upstream commit 1b917c3f7dd86336a9f6fda4456422c419dfe88c to fix
CVE-2019-20421; patch Fix-1011-fix_1011_jp2_readmetadata_loop.patch.
(Closes: #950183)
* Add debian/source/include-binaries for the patches Fix-issue-712.patch, and
Fix-1011-fix_1011_jp2_readmetadata_loop.patch, as they contain the binary
testcases for the fixes.
-- Pino Toscano <email address hidden> Thu, 30 Jan 2020 09:39:44 +0100
Available diffs
exiv2 (0.25-4ubuntu3) focal; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-17402.patch: check offset and size
against total size in src/crwimage.cpp.
- CVE-2019-17402
-- <email address hidden> (Leonidas S. Barbosa) Fri, 25 Oct 2019 14:20:11 -0300
Available diffs
- diff from 0.25-4ubuntu2 to 0.25-4ubuntu3 (1001 bytes)
exiv2 (0.25-4ubuntu2.1) eoan-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-17402.patch: check offset and size
against total size in src/crwimage.cpp.
- CVE-2019-17402
-- <email address hidden> (Leonidas S. Barbosa) Fri, 18 Oct 2019 09:53:38 -0300
Available diffs
exiv2 (0.25-4ubuntu1.2) disco-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-17402.patch: check offset and size
against total size in src/crwimage.cpp.
- CVE-2019-17402
-- <email address hidden> (Leonidas S. Barbosa) Thu, 17 Oct 2019 08:42:27 -0300
Available diffs
- diff from 0.25-4ubuntu1.1 to 0.25-4ubuntu1.2 (1017 bytes)
exiv2 (0.25-3.1ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-17402.patch: check offset and size
against total size in src/crwimage.cpp.
- CVE-2019-17402
-- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Oct 2019 16:46:48 -0300
Available diffs
exiv2 (0.25-2.1ubuntu16.04.5) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-17402.patch: check offset and size
against total size in src/crwimage.cpp.
- CVE-2019-17402
-- <email address hidden> (Leonidas S. Barbosa) Wed, 16 Oct 2019 16:29:07 -0300
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
exiv2 (0.25-4ubuntu2) eoan; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
in src/enforce.hpp, use safe:add for preventing overflows in
PSD files and enforce length of image resource
section < file size in src/psdimage.cpp.
- CVE-2018-19107
- CVE-2018-19108
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19535-*.patch: fixes in
PngChunk::readRawProfile in src/pngchunk.cpp.
- CVE-2018-19535
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13110.patch: avoid integer overflow
in src/crwimage.cpp.
- CVE-2019-13110
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13112.patch: add bound check
on allocation size in src/pngchunk.cpp.
- CVE-2019-13112
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13113.patch: throw an exception
if the data location is invalid in src/crwimage.cpp,
src/crwimage_int.hpp.
- CVE-2019-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13114.patch: avoid null pointer
exception due to NULL return from strchr in src/http.cpp.
- CVE-2019-13114
* Add error codes from src error in order to support CVE-2018-19535
- debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
-- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Jul 2019 11:49:42 -0300
Available diffs
- diff from 0.25-4ubuntu1 to 0.25-4ubuntu2 (6.3 KiB)
exiv2 (0.25-2.1ubuntu16.04.4) xenial-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
in src/enforce.hpp, use safe:add for preventing overflows in
PSD files and enforce length of image resource
section < file size in src/psdimage.cpp.
- CVE-2018-19107
- CVE-2018-19108
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19535-*.patch: fixes in
PngChunk::readRawProfile in src/pngchunk.cpp.
- CVE-2018-19535
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13110.patch: avoid integer overflow
in src/crwimage.cpp.
- CVE-2019-13110
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13112.patch: add bound check
on allocation size in src/pngchunk.cpp.
- CVE-2019-13112
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13113.patch: throw an exception
if the data location is invalid in src/crwimage.cpp,
src/crwimage_int.hpp.
- CVE-2019-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13114.patch: avoid null pointer
exception due to NULL return from strchr in src/http.cpp.
- CVE-2019-13114
* Add error codes from src error in order to support CVE-2018-19535
- debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
-- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 15:58:32 -0300
Available diffs
exiv2 (0.25-4ubuntu1.1) disco-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
in src/enforce.hpp, use safe:add for preventing overflows in
PSD files and enforce length of image resource
section < file size in src/psdimage.cpp.
- CVE-2018-19107
- CVE-2018-19108
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19535-*.patch: fixes in
PngChunk::readRawProfile in src/pngchunk.cpp.
- CVE-2018-19535
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13110.patch: avoid integer overflow
in src/crwimage.cpp.
- CVE-2019-13110
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13112.patch: add bound check
on allocation size in src/pngchunk.cpp.
- CVE-2019-13112
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13113.patch: throw an exception
if the data location is invalid in src/crwimage.cpp,
src/crwimage_int.hpp.
- CVE-2019-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13114.patch: avoid null pointer
exception due to NULL return from strchr in src/http.cpp.
- CVE-2019-13114
* Add error codes from src error in order to support CVE-2018-19535
- debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
-- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 15:20:16 -0300
Available diffs
exiv2 (0.25-4ubuntu0.2) cosmic-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
in src/enforce.hpp, use safe:add for preventing overflows in
PSD files and enforce length of image resource
section < file size in src/psdimage.cpp.
- CVE-2018-19107
- CVE-2018-19108
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19535-*.patch: fixes in
PngChunk::readRawProfile in src/pngchunk.cpp.
- CVE-2018-19535
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13110.patch: avoid integer overflow
in src/crwimage.cpp.
- CVE-2019-13110
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13112.patch: add bound check
on allocation size in src/pngchunk.cpp.
- CVE-2019-13112
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13113.patch: throw an exception
if the data location is invalid in src/crwimage.cpp,
src/crwimage_int.hpp.
- CVE-2019-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13114.patch: avoid null pointer
exception due to NULL return from strchr in src/http.cpp.
- CVE-2019-13114
* Add error codes from src error in order to support CVE-2018-19535
- debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
-- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 14:26:59 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
in src/enforce.hpp, use safe:add for preventing overflows in
PSD files and enforce length of image resource
section < file size in src/psdimage.cpp.
- CVE-2018-19107
- CVE-2018-19108
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19535-*.patch: fixes in
PngChunk::readRawProfile in src/pngchunk.cpp.
- CVE-2018-19535
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13110.patch: avoid integer overflow
in src/crwimage.cpp.
- CVE-2019-13110
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13112.patch: add bound check
on allocation size in src/pngchunk.cpp.
- CVE-2019-13112
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13113.patch: throw an exception
if the data location is invalid in src/crwimage.cpp,
src/crwimage_int.hpp.
- CVE-2019-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13114.patch: avoid null pointer
exception due to NULL return from strchr in src/http.cpp.
- CVE-2019-13114
* Add error codes from src error in order to support CVE-2018-19535
- debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
-- <email address hidden> (Leonidas S. Barbosa) Wed, 10 Jul 2019 08:59:47 -0300
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
exiv2 (0.25-4ubuntu1) disco; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-11591.patch: fix in
include/exiv2/value.hpp.
- CVE-2017-11591
* SECURITY UPDATE: Remote denial of service
- debian/patches/CVE-2017-11683.patch: fix in
src/tiffvisitor.cpp.
- CVE-2017-11683
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14859_14862_14864.patch: fix in
src/error.cpp, src/tiffvisitor.cpp.
- CVE-2017-14859
- CVE-2017-14862
- CVE-2017-14864
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-17669.patch: fix in
src/pngchunk.cpp.
- CVE-2017-17669
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-17581.patch: fix in
src/crwimage.cpp.
- CVE-2018-17581
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-16336.patch: fix in
src/pngchunk.cpp.
- CVE-2018-16336
* Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.
-- <email address hidden> (Leonidas S. Barbosa) Thu, 24 Jan 2019 13:15:19 -0300
Available diffs
exiv2 (0.25-4ubuntu0.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-11591.patch: fix in
include/exiv2/value.hpp.
- CVE-2017-11591
* SECURITY UPDATE: Remote denial of service
- debian/patches/CVE-2017-11683.patch: fix in
src/tiffvisitor.cpp.
- CVE-2017-11683
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14859_14862_14864.patch: fix in
src/error.cpp, src/tiffvisitor.cpp.
- CVE-2017-14859
- CVE-2017-14862
- CVE-2017-14864
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-17669.patch: fix in
src/pngchunk.cpp.
- CVE-2017-17669
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-17581.patch: fix in
src/crwimage.cpp.
- CVE-2018-17581
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-16336*.patch: fix in
src/pngchunk.cpp.
- CVE-2018-16336
* Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.
-- <email address hidden> (Leonidas S. Barbosa) Wed, 09 Jan 2019 10:55:29 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-11591.patch: fix in
include/exiv2/value.hpp.
- CVE-2017-11591
* SECURITY UPDATE: Remote denial of service
- debian/patches/CVE-2017-11683.patch: fix in
src/tiffvisitor.cpp.
- CVE-2017-11683
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14859_14862_14864.patch: fix in
src/error.cpp, src/tiffvisitor.cpp.
- CVE-2017-14859
- CVE-2017-14862
- CVE-2017-14864
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-17669.patch: fix in
src/pngchunk.cpp.
- CVE-2017-17669
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-17581.patch: fix in
src/crwimage.cpp.
- CVE-2018-17581
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-16336*.patch: fix in
src/pngchunk.cpp.
- CVE-2018-16336
* Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.
-- <email address hidden> (Leonidas S. Barbosa) Wed, 09 Jan 2019 09:23:30 -0300
Available diffs
exiv2 (0.25-2.1ubuntu16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-11591.patch: fix in
include/exiv2/value.hpp.
- CVE-2017-11591
* SECURITY UPDATE: Remote denial of service
- debian/patches/CVE-2017-11683.patch: fix in
src/tiffvisitor.cpp.
- CVE-2017-11683
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14859_14862_14864.patch: fix in
src/error.cpp, src/tiffvisitor.cpp.
- CVE-2017-14859
- CVE-2017-14862
- CVE-2017-14864
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-17669.patch: fix in
src/pngchunk.cpp.
- CVE-2017-17669
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-9239.patch: fix in
src/tiffcomposite.cpp.
- CVE-2017-9239
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-17581.patch: fix in
src/crwimage.cpp.
- CVE-2018-17581
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-16336*.patch: fix in
src/pngchunk.cpp.
- CVE-2018-16336
* Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.
-- <email address hidden> (Leonidas S. Barbosa) Tue, 08 Jan 2019 14:58:44 -0300
Available diffs
exiv2 (0.23-1ubuntu2.2) trusty-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-11591.patch: fix in
src/value.hpp.
- CVE-2017-11591
* SECURITY UPDATE: Remote denial of service
- debian/patches/CVE-2017-11683.patch: fix in
src/tiffvisitor.cpp.
- CVE-2017-11683
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14859_14862_14864.patch: fix in
src/error.cpp, src/tiffvisitor.cpp.
- CVE-2017-14859
- CVE-2017-14862
- CVE-2017-14864
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-17669.patch: fix in
src/pngchunk.cpp.
- CVE-2017-17669
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-9239.patch: fix in
src/tiffcomposite.cpp.
- CVE-2017-9239
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-17581.patch: fix in
src/crwimage.cpp.
- CVE-2018-17581
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-16336*.patch: fix in
src/pngchunk.cpp.
- CVE-2018-16336
* Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.
-- <email address hidden> (Leonidas S. Barbosa) Tue, 08 Jan 2019 13:38:56 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.17.10.1) artful-security; urgency=medium
* SECURITY UPDATE: denial of service through memory exhaustion
and a heap-based buffer over-read
- debian/patches/CVE-2018-10958_10999*.patch
- CVE-2018-10958
- CVE-2018-10999
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10998.patch
- CVE-2018-10998
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2018-11531*.patch
- CVE-2018-11531
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12264.patch
- CVE-2018-12264
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12265*.patch
- CVE-2018-12265
-- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:40:41 -0300
Available diffs
exiv2 (0.25-3.1ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: denial of service through memory exhaustion
and a heap-based buffer over-read
- debian/patches/CVE-2018-10958_10999*.patch
- CVE-2018-10958
- CVE-2018-10999
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10998.patch
- CVE-2018-10998
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2018-11531*.patch
- CVE-2018-11531
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12264.patch
- CVE-2018-12264
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12265*.patch
- CVE-2018-12265
-- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:53:30 -0300
Available diffs
exiv2 (0.25-2.1ubuntu16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: denial of service through memory exhaustion
and a heap-based buffer over-read
- debian/patches/CVE-2018-10958_10999*.patch
- CVE-2018-10958
- CVE-2018-10999
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10998.patch
- CVE-2018-10998
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2018-11531*.patch
- CVE-2018-11531
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12264.patch
- CVE-2018-12264
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12265*.patch
- CVE-2018-12265
-- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:31:21 -0300
Available diffs
exiv2 (0.23-1ubuntu2.1) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service through memory exhaustion
and a heap-based buffer over-read
- debian/patches/CVE-2018-10958_10999*.patch
- CVE-2018-10958
- CVE-2018-10999
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10998.patch
- CVE-2018-10998
* SECURITY UPDATE: Heap-based buffer overflow
- debian/patches/CVE-2018-11531*.patch
- CVE-2018-11531
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12264.patch
- CVE-2018-12264
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-12265*.patch
- CVE-2018-12265
-- <email address hidden> (Leonidas S. Barbosa) Fri, 29 Jun 2018 10:20:45 -0300
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
exiv2 (0.25-4) unstable; urgency=medium
[ Roberto C. Sanchez ]
* CVE-2018-10958: denial of service through memory exhaustion and
application crash by a crafted PNG image.
* CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
* CVE-2018-10998: denial of service through memory exhaustion and
application crash by a crafted image.
* CVE-2018-11531: a heap-based buffer overflow and application crash by a
crafted image.
* CVE-2018-12264: integer overflow leading to out of bounds read by a
crafted image. (Closes: #901707)
* CVE-2018-12265: integer overflow leading to out of bounds read by a
crafted image. (Closes: #901706)
[ Maximiliano Curia ]
* Bump debhelper build-dep and compat to 11
* Bump to Standards-Version 4.1.4
* Update Vcs fields
* Migrate to automatic dbgsym packages
* Drop parallel and autotools_dev from dh call
* Update watch file
* Release to unstable
-- Maximiliano Curia <email address hidden> Thu, 28 Jun 2018 18:05:24 +0200
Available diffs
- diff from 0.25-3.1 to 0.25-4 (11.0 KiB)
| Superseded in cosmic-release |
| Published in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
exiv2 (0.25-3.1) unstable; urgency=medium * Non-maintainer upload. * CVE-2017-9239 (Closes: #863410) -- Moritz Muehlenhoff <email address hidden> Mon, 05 Jun 2017 22:42:20 +0200
Available diffs
- diff from 0.25-3 to 0.25-3.1 (770 bytes)
exiv2 (0.25-2.1ubuntu16.04.1) xenial; urgency=medium * SRU 0.25-3 to Ubuntu xenial (LP: #1584853) [ Norbert Preining ] * Fix crashes on Casio images files (upstream cherry pick) (Closes: #814051) * mention XMP in the description (Closes: #790784) -- Gianfranco Costamagna <email address hidden> Tue, 28 Feb 2017 12:17:15 +0100
Available diffs
| Superseded in artful-release |
| Obsolete in zesty-release |
| Obsolete in yakkety-release |
| Deleted in yakkety-proposed (Reason: moved to release) |
exiv2 (0.25-3) unstable; urgency=medium [ Norbert Preining ] * Fix crashes on Casio images files (upstream cherry pick) (Closes: #814051) * mention XMP in the description (Closes: #790784) -- Norbert Preining <email address hidden> Tue, 17 May 2016 23:08:21 +0900
Available diffs
- diff from 0.25-2.1 to 0.25-3 (1.2 KiB)
| Superseded in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
exiv2 (0.25-2.1) unstable; urgency=medium * Non-maintainer upload * Fix symbol files for amd64/mips64el/sparc64/sh4 (Closes: #799611). -- YunQiang Su <email address hidden> Thu, 08 Oct 2015 14:39:02 +0800
Available diffs
| Superseded in xenial-release |
| Obsolete in wily-release |
| Deleted in wily-proposed (Reason: moved to release) |
exiv2 (0.25-1ubuntu1) wily; urgency=medium
* Temporarily drop the broken .symbols file. It was just introduced in
0.25.1, but needs to be adjusted for all architectures.
-- Martin Pitt <email address hidden> Wed, 05 Aug 2015 16:59:51 +0200
Available diffs
- diff from 0.24-4.1 (in Debian) to 0.25-1ubuntu1 (3.7 MiB)
- diff from 0.25-1 to 0.25-1ubuntu1 (8.5 KiB)
exiv2 (0.25-1) unstable; urgency=medium
[ Pino Toscano ]
* libexiv2-dev: stop again depending on pkg-config, as this is no more
needed now (for real this time).
[ Maximiliano Curia ]
* New upstream release (0.25). (Closes: #789956)
* Refresh patch: libtool_update.diff
* Remove upstream applied patch: CVE-2014-9449.patch
* Bump Standards-Version to 3.9.6, no changes needed.
* Update copyright information.
-- Martin Pitt <email address hidden> Wed, 05 Aug 2015 13:07:18 +0200
Available diffs
| Superseded in wily-proposed |
exiv2 (0.24-4.1ubuntu1~gcc5) wily; urgency=medium * Renamed library for gcc5 transition (Closes: #791030) -- Martin Pitt <email address hidden> Thu, 30 Jul 2015 12:46:17 +0200
Available diffs
| Superseded in wily-release |
| Obsolete in vivid-release |
| Deleted in vivid-proposed (Reason: moved to release) |
exiv2 (0.24-4.1) unstable; urgency=medium
* Non-maintainer upload.
* Add CVE-2014-9449.patch patch.
CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
Thanks to Klaus Ethgen <email address hidden> (Closes: #773846)
-- Salvatore Bonaccorso <email address hidden> Wed, 07 Jan 2015 20:25:48 +0100
Available diffs
exiv2 (0.24-2ubuntu1.1) utopic-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow
- debian/patches/CVE-2014-9449.patch: fix overflow in
src/riffvideo.cpp.
- CVE-2014-9449
-- Marc Deslauriers <email address hidden> Mon, 05 Jan 2015 12:12:02 -0500
Available diffs
exiv2 (0.24-4ubuntu1) vivid; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow
- debian/patches/CVE-2014-9449.patch: fix overflow in
src/riffvideo.cpp.
- CVE-2014-9449
-- Marc Deslauriers <email address hidden> Mon, 05 Jan 2015 12:06:10 -0500
Available diffs
exiv2 (0.24-4) unstable; urgency=medium
* Team upload.
* Upload to unstable. (See #732957)
* Re-add the pkg-config dependency in libexiv2-dev, as there is still one
source relying on it.
-- Pino Toscano <email address hidden> Fri, 05 Sep 2014 23:22:40 +0200
Available diffs
| Superseded in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
exiv2 (0.24-2ubuntu1) utopic; urgency=medium * Rebase on Debian, remaining Ubuntu changes: (LP: #1269181) * debian/patches/libtool-ppc64el.diff: - Apply libtool patch for powerpc*le-linux support, copied from libtool 2.4.2-1.3ubuntu2. * debian/patches/config-updates.diff: - Update config.{guess,sub} for AArch64. -- Robert Ancell <email address hidden> Fri, 04 Jul 2014 11:46:22 +1200
Available diffs
- diff from 0.23-1ubuntu2 to 0.24-2ubuntu1 (2.4 MiB)
| Superseded in utopic-release |
| Published in trusty-release |
| Deleted in trusty-proposed (Reason: moved to release) |
exiv2 (0.23-1ubuntu2) trusty; urgency=low
* Apply libtool patch for powerpc*le-linux support, copied from libtool
2.4.2-1.3ubuntu2.
-- Colin Watson <email address hidden> Tue, 17 Dec 2013 11:57:20 +0000
Available diffs
- diff from 0.23-1ubuntu1 to 0.23-1ubuntu2 (1.2 KiB)
| Superseded in trusty-release |
| Obsolete in saucy-release |
| Deleted in saucy-proposed (Reason: moved to release) |
exiv2 (0.23-1ubuntu1) saucy; urgency=low
* Update config.{guess,sub} for AArch64.
-- Matthias Klose <email address hidden> Wed, 09 Oct 2013 20:14:39 +0200
Available diffs
exiv2 (0.23-1) unstable; urgency=low
* New upstream release
- Fixes "Support for .cr2 RAW files" (Closes: #665736)
* NEW package libexiv2-12 - match soname
* Drop spelling-error-in-binary.diff - included upstream
* Drop spelling-error-in-manpage.diff - included upstream
* Upload to unstable - coordinated through debian release
- Fixes "please package 0.21 or newer to unstable" (Closes: #650516)
* Update to Standard 3.9.3 - no changes necessary
-- Mark Purcell <email address hidden> Sat, 05 May 2012 09:31:28 +1000
Available diffs
- diff from 0.22-2 to 0.23-1 (668.9 KiB)
exiv2 (0.22-2) experimental; urgency=low
* dh_auto_configure $(shell dpkg-buildflags --export=configure)
- Fixes "Please enabled hardened build flags" (Closes: #656356)
* dh-linktree - fixes libexiv2-doc: embedded-javascript-library
* Update debian/copyright GPL-2 - copyright-refers-to-symlink-license
* Fix spelling-error-in-manpage exiv2.1.gz explicitely explicitly
* Fix spelling-error-in-binary
* Switch to dh_bugfiles
* Add samples/ to libexiv2-doc/examples
* Fixed "Lib not recommend exiv2" changes to Suggests: (Closes: #615137)
-- Mark Purcell <email address hidden> Wed, 25 Jan 2012 07:16:15 +1100
Available diffs
- diff from 0.22-1 to 0.22-2 (3.0 KiB)
exiv2 (0.22-1) experimental; urgency=low * New upstream release * NEW Package libexiv2-11 - soname bump * Drop usr/lib/libexiv2.la non-empty-dependency_libs-in-la-file * Ack NMU, Thanks Luk (Closes: #618747) -- Mark Purcell <email address hidden> Sat, 24 Sep 2011 14:28:30 +1000
exiv2 (0.21.1-0ubuntu2) natty; urgency=low
* debian/rules: delete the content of dependency_libs in la file to avoid
having to rebuild this package if the path of the libs changes. This fixes
also FTBFS in packages that b-d on libexiv2-dev because of incorrect
reference of libexpat.la. (LP: #737340)
-- Fabrice Coutadeur <email address hidden> Fri, 18 Mar 2011 05:17:26 +0000
Available diffs
- diff from 0.21.1-0ubuntu1 to 0.21.1-0ubuntu2 (987 bytes)
| Superseded in natty-release |
exiv2 (0.21.1-0ubuntu1) natty; urgency=low
* New upstream release
* debian/patches/01_multiple_tags.patch:
- Applied upstream
-- Robert Ancell <email address hidden> Tue, 15 Feb 2011 11:32:10 +1100
Available diffs
- diff from 0.21-0ubuntu2 to 0.21.1-0ubuntu1 (233.6 KiB)
| Superseded in natty-release |
exiv2 (0.21-0ubuntu2) natty; urgency=low
* debian/patches/01_multiple_tags.patch:
- Fix crash with multiple tags
-- Robert Ancell <email address hidden> Wed, 02 Feb 2011 09:29:11 +1100
Available diffs
- diff from 0.21-0ubuntu1 to 0.21-0ubuntu2 (2.1 KiB)
| 1 → 75 of 102 results | First • Previous • Next • Last |
