Format: 1.8
Date: Mon, 08 Jun 2020 12:58:09 -0300
Source: libexif
Binary: libexif-dev libexif12
Architecture: s390x s390x_translations
Version: 0.6.21-5.1ubuntu0.5
Distribution: eoan
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-s390x-011.buildd>
Changed-By: Leonidas S. Barbosa <leo.barbosa@canonical.com>
Description:
 libexif-dev - library to parse EXIF files (development files)
 libexif12  - library to parse EXIF files
Changes:
 libexif (0.6.21-5.1ubuntu0.5) eoan-security; urgency=medium
 .
   * SECURITY UPDATE: Out of bounds read
     - debian/patches/CVE-2020-0093.patch: fix read
       buffer overflow making sure the number of bytes being
       copied from does not exceed the source buffer size in
       libexif/exif-data.c.
     - CVE-2020-0093
   * SECURITY UPDATE: Out of bounds read
     - debian/patches/CVE-2020-13112.patch: fix MakerNote tag size
       overflow check for a size overflow while reading tags in
       libexif/canon/exif-mnote-data-canon.c,
       libexif/fuji/exif/mnote-data-fuji.c,
       libexif/olympus/exif-mnote-data-olympus.c,
       libexif/pentax/exif-mnote-data-pentax.c.
     - CVE-2020-13112
   * SECURITY UPDATE: Possibly crash and potential use-after-free
     - debian/patches/CVE-2020-13113.patch: ensures that an uninitialized
       pointer is not dereferenced later in the case where the number of
       components is 0 in libexif/canon/exif-mnote-data-canon.c,
       libexif/fuji/exif-mnote-data-fuji.c,
       libexif/olympus/exif-mnote-data-olympus.c,
       libexif/pentax/exif-mnote-data-pentax.
     - CVE-2020-13113
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2020-13114.patch: add a failsafe on the
       maximum number of Canon MakerNote subtags in
       libexif/canon/exif-mnote-data-canon.c.
     - CVE-2020-13114
   * SECURITY UPDATE: Out of bounds read
     - debian/patches/CVE-2020-0182.patch: fix a buffer read
       overflow in exif_entry_get_value in libexif/exif-entry.c.
     - CVE-2020-0182
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2020-0198.patch: fix unsigned integer overflow
       in libexif/exif-data.c.
     - CVE-2020-0198
Checksums-Sha1:
 71698a7393440b0165619677e46b04566bbeb6cb 79112 libexif-dev_0.6.21-5.1ubuntu0.5_s390x.deb
 ed4b54f5132e696f424f1263ba1e8ac6dd4ce9a0 136664 libexif12-dbgsym_0.6.21-5.1ubuntu0.5_s390x.ddeb
 cea30a8958320c6aa416b57b3c75bb2d112eafd1 72668 libexif12_0.6.21-5.1ubuntu0.5_s390x.deb
 991fa7403e8a6b4f232672e1f25186400bbda1dc 7400 libexif_0.6.21-5.1ubuntu0.5_s390x.buildinfo
 60e4c4e00b87fe0e3dfa54a2299d1f99a14b1270 1354093 libexif_0.6.21-5.1ubuntu0.5_s390x_translations.tar.gz
Checksums-Sha256:
 1c4ba6d853e0fe54e18131064f3f6bbf4e50bee296ea3599768ddb13fe7f1864 79112 libexif-dev_0.6.21-5.1ubuntu0.5_s390x.deb
 a46584e5623f111c63e01995acfe85e0eeb57b938dc0e5265e787ad057e501f6 136664 libexif12-dbgsym_0.6.21-5.1ubuntu0.5_s390x.ddeb
 7999d74ddd42b3797cbedc9e447075368c7edf92ed7a14b8b27ae46d82c7158e 72668 libexif12_0.6.21-5.1ubuntu0.5_s390x.deb
 9e3fac7ad24389af57baffcc30f9fd282ee9dadd01a94d0c40beaf3962c696c5 7400 libexif_0.6.21-5.1ubuntu0.5_s390x.buildinfo
 f306b6a6eb6f67628cea96e4f7e6a7e3eb6afbf4d34e9800482f482d2d359e17 1354093 libexif_0.6.21-5.1ubuntu0.5_s390x_translations.tar.gz
Files:
 54227892cd0d76eec6e2f8cd46ab0bc4 79112 libdevel optional libexif-dev_0.6.21-5.1ubuntu0.5_s390x.deb
 6f88bc91f4f8b656b9c175a0a5c955ba 136664 debug optional libexif12-dbgsym_0.6.21-5.1ubuntu0.5_s390x.ddeb
 8629d4901fc45a01d33dc2d1d4154a67 72668 libs optional libexif12_0.6.21-5.1ubuntu0.5_s390x.deb
 095b30cdd680493e65d4b4855e00a5f1 7400 libs optional libexif_0.6.21-5.1ubuntu0.5_s390x.buildinfo
 67e2667e3f4544bcf53dc1f596e547ed 1354093 raw-translations - libexif_0.6.21-5.1ubuntu0.5_s390x_translations.tar.gz
Original-Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>