libexif 0.6.21-5.1ubuntu0.5 source package in Ubuntu

Changelog

libexif (0.6.21-5.1ubuntu0.5) eoan-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0093.patch: fix read
      buffer overflow making sure the number of bytes being
      copied from does not exceed the source buffer size in
      libexif/exif-data.c.
    - CVE-2020-0093
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-13112.patch: fix MakerNote tag size
      overflow check for a size overflow while reading tags in
      libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif/mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.c.
    - CVE-2020-13112
  * SECURITY UPDATE: Possible crash and potential use-after-free
    - debian/patches/CVE-2020-13113.patch: ensures that an uninitialized
      pointer is not dereferenced later in the case where the number of
      components is 0 in libexif/canon/exif-mnote-data-canon.c,
      libexif/fuji/exif-mnote-data-fuji.c,
      libexif/olympus/exif-mnote-data-olympus.c,
      libexif/pentax/exif-mnote-data-pentax.
    - CVE-2020-13113
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2020-13114.patch: add a failsafe on the
      maximum number of Canon MakerNote subtags in
      libexif/canon/exif-mnote-data-canon.c.
    - CVE-2020-13114
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-0182.patch: fix a buffer read
      overflow in exif_entry_get_value in libexif/exif-entry.c.
    - CVE-2020-0182
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2020-0198.patch: fix unsigned integer overflow
      in libexif/exif-data.c.
    - CVE-2020-0198

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 08 Jun 2020 12:58:09 -0300

Upload details

Uploaded by: Leonidas S. Barbosa
Uploaded to: Eoan
Original maintainer: Ubuntu Developers
Architectures: any all
Section: libs
Urgency: Medium Urgency


Downloads

File Size SHA-256 Checksum
libexif_0.6.21.orig.tar.gz 2.0 MiB edb7eb13664cf950a6edd132b75e99afe61c5effe2f16494e6d27bc404b287bf
libexif_0.6.21-5.1ubuntu0.5.debian.tar.xz 18.4 KiB 5ee7562425f2daf007fab469710d6db8a09d07dae1ea00bddfa78e2acab2219e
libexif_0.6.21-5.1ubuntu0.5.dsc 2.2 KiB 76dac86437d39db33607d674b98966e2139d0954c4f1a60227fab150cd3d0005


Binary packages built by this source

libexif-dev: No summary available for libexif-dev in ubuntu eoan.


libexif-doc: No summary available for libexif-doc in ubuntu eoan.


libexif12: No summary available for libexif12 in ubuntu eoan.


libexif12-dbgsym: No summary available for libexif12-dbgsym in ubuntu eoan.
