exiv2 (0.25-4ubuntu1.2) disco-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-17402.patch: check offset and size
      against total size in src/crwimage.cpp.
    - CVE-2019-17402

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 17 Oct 2019 08:42:27 -0300
-
exiv2 (0.25-4ubuntu1.1) disco-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
      in src/enforce.hpp, use safe:add for preventing overflows in
      PSD files and enforce length of image resource
      section < file size in src/psdimage.cpp.
    - CVE-2018-19107
    - CVE-2018-19108
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-19535-*.patch: fixes in
      PngChunk::readRawProfile in src/pngchunk.cpp.
    - CVE-2018-19535
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-13110.patch: avoid integer overflow
      in src/crwimage.cpp.
    - CVE-2019-13110
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-13112.patch: add bound check
      on allocation size in src/pngchunk.cpp.
    - CVE-2019-13112
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-13113.patch: throw an exception
      if the data location is invalid in src/crwimage.cpp,
      src/crwimage_int.hpp.
    - CVE-2019-13113
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-13114.patch: avoid null pointer
      exception due to NULL return from strchr in src/http.cpp.
    - CVE-2019-13114
  * Add error codes from src error in order to support CVE-2018-19535
    - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch

 -- <email address hidden> (Leonidas S. Barbosa)  Wed, 10 Jul 2019 15:20:16 -0300
-
exiv2 (0.25-4ubuntu1) disco; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-11591.patch: fix in
      include/exiv2/value.hpp.
    - CVE-2017-11591
  * SECURITY UPDATE: Remote denial of service
    - debian/patches/CVE-2017-11683.patch: fix in
      src/tiffvisitor.cpp.
    - CVE-2017-11683
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-14859_14862_14864.patch: fix in
      src/error.cpp, src/tiffvisitor.cpp.
    - CVE-2017-14859
    - CVE-2017-14862
    - CVE-2017-14864
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2017-17669.patch: fix in
      src/pngchunk.cpp.
    - CVE-2017-17669
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-17581.patch: fix in
      src/crwimage.cpp.
    - CVE-2018-17581
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-16336.patch: fix in
      src/pngchunk.cpp.
    - CVE-2018-16336
  * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.

 -- <email address hidden> (Leonidas S. Barbosa)  Thu, 24 Jan 2019 13:15:19 -0300
-
exiv2 (0.25-4) unstable; urgency=medium

  [ Roberto C. Sanchez ]
  * CVE-2018-10958: denial of service through memory exhaustion and
    application crash by a crafted PNG image.
  * CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
  * CVE-2018-10998: denial of service through memory exhaustion and
    application crash by a crafted image.
  * CVE-2018-11531: a heap-based buffer overflow and application crash by a
    crafted image.
  * CVE-2018-12264: integer overflow leading to out of bounds read by a
    crafted image. (Closes: #901707)
  * CVE-2018-12265: integer overflow leading to out of bounds read by a
    crafted image. (Closes: #901706)

  [ Maximiliano Curia ]
  * Bump debhelper build-dep and compat to 11
  * Bump to Standards-Version 4.1.4
  * Update Vcs fields
  * Migrate to automatic dbgsym packages
  * Drop parallel and autotools_dev from dh call
  * Update watch file
  * Release to unstable

 -- Maximiliano Curia <email address hidden>  Thu, 28 Jun 2018 18:05:24 +0200