Format: 1.8
Date: Mon, 08 Jun 2020 12:58:09 -0300
Source: libexif
Binary: libexif-dev libexif-doc libexif12
Architecture: amd64 all amd64_translations
Version: 0.6.21-5.1ubuntu0.5
Distribution: eoan
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lcy01-amd64-014.buildd>
Changed-By: Leonidas S. Barbosa <leo.barbosa@canonical.com>
Description:
 libexif-dev - library to parse EXIF files (development files)
 libexif-doc - library to parse EXIF files (documentation)
 libexif12  - library to parse EXIF files
Changes:
 libexif (0.6.21-5.1ubuntu0.5) eoan-security; urgency=medium
 .
   * SECURITY UPDATE: Out of bounds read
     - debian/patches/CVE-2020-0093.patch: fix read
       buffer overflow making sure the number of bytes being
       copied from does not exceed the source buffer size in
       libexif/exif-data.c.
     - CVE-2020-0093
   * SECURITY UPDATE: Out of bounds read
     - debian/patches/CVE-2020-13112.patch: fix MakerNote tag size
       overflow check for a size overflow while reading tags in
       libexif/canon/exif-mnote-data-canon.c,
       libexif/fuji/exif/mnote-data-fuji.c,
       libexif/olympus/exif-mnote-data-olympus.c,
       libexif/pentax/exif-mnote-data-pentax.c.
     - CVE-2020-13112
   * SECURITY UPDATE: Possibly crash and potential use-after-free
     - debian/patches/CVE-2020-13113.patch: ensures that an uninitialized
       pointer is not dereferenced later in the case where the number of
       components is 0 in libexif/canon/exif-mnote-data-canon.c,
       libexif/fuji/exif-mnote-data-fuji.c,
       libexif/olympus/exif-mnote-data-olympus.c,
       libexif/pentax/exif-mnote-data-pentax.
     - CVE-2020-13113
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2020-13114.patch: add a failsafe on the
       maximum number of Canon MakerNote subtags in
       libexif/canon/exif-mnote-data-canon.c.
     - CVE-2020-13114
   * SECURITY UPDATE: Out of bounds read
     - debian/patches/CVE-2020-0182.patch: fix a buffer read
       overflow in exif_entry_get_value in libexif/exif-entry.c.
     - CVE-2020-0182
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2020-0198.patch: fix unsigned integer overflow
       in libexif/exif-data.c.
     - CVE-2020-0198
Checksums-Sha1:
 30848b94b978ce0d36079e9af195bd82895464f0 83988 libexif-dev_0.6.21-5.1ubuntu0.5_amd64.deb
 c834931c927dfd2ba64ec0c997b64806f2da2dff 256260 libexif-doc_0.6.21-5.1ubuntu0.5_all.deb
 a2f44a0ced93e649edca17cd4183ef82e0a487a1 137760 libexif12-dbgsym_0.6.21-5.1ubuntu0.5_amd64.ddeb
 3fadb53c2fa237c5498ca8660cdf569ae9d0962f 78084 libexif12_0.6.21-5.1ubuntu0.5_amd64.deb
 a9611748002d2a51ed61c49123ba04c6056bdc3f 7782 libexif_0.6.21-5.1ubuntu0.5_amd64.buildinfo
 2ad8741f879bf76061ce92403fd266672f6fb090 1356189 libexif_0.6.21-5.1ubuntu0.5_amd64_translations.tar.gz
Checksums-Sha256:
 a6182d6cc24cb7a98ca95a1d584191c361b27620fc957adaa467d8398146a593 83988 libexif-dev_0.6.21-5.1ubuntu0.5_amd64.deb
 cecf30cdaadd9e3c530fb48b7243f9b06561252ea9bb83504beb060366572446 256260 libexif-doc_0.6.21-5.1ubuntu0.5_all.deb
 3a1f7c126a61bc2d0c6387d84ff5a6b734a18ffe6de545e988ea124179bc238c 137760 libexif12-dbgsym_0.6.21-5.1ubuntu0.5_amd64.ddeb
 bd50c1b0cec519b34773169aa7f4c81c0e1ef4cb5db9c8719f3e16839bdfd196 78084 libexif12_0.6.21-5.1ubuntu0.5_amd64.deb
 c85c395894d1555d417e3aa3d707baea0f67fbba8b7090e06c69951920d5a60e 7782 libexif_0.6.21-5.1ubuntu0.5_amd64.buildinfo
 e32027ca98ab0f370fc0c0b398d548a95192cab01461d70c2290b755eaab1043 1356189 libexif_0.6.21-5.1ubuntu0.5_amd64_translations.tar.gz
Files:
 9202bbc03ce7c8bd6a152547b44a430c 83988 libdevel optional libexif-dev_0.6.21-5.1ubuntu0.5_amd64.deb
 6473cc766b4e2c6e426f41c4b125aa8c 256260 doc optional libexif-doc_0.6.21-5.1ubuntu0.5_all.deb
 c716f20a579789e773105e877b85094a 137760 debug optional libexif12-dbgsym_0.6.21-5.1ubuntu0.5_amd64.ddeb
 b603792a6d11063b469c6a0a5a6548ea 78084 libs optional libexif12_0.6.21-5.1ubuntu0.5_amd64.deb
 73653f75fd92b73b9a48435bb6d089fd 7782 libs optional libexif_0.6.21-5.1ubuntu0.5_amd64.buildinfo
 a8733a2359ebb1d1c3e5980242ebbc6c 1356189 raw-translations - libexif_0.6.21-5.1ubuntu0.5_amd64_translations.tar.gz
Original-Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>