Format: 1.8 Date: Wed, 10 Jul 2019 08:59:47 -0300 Source: exiv2 Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc libexiv2-dbg Architecture: armhf armhf_translations Version: 0.25-3.1ubuntu0.18.04.3 Distribution: bionic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Leonidas S. Barbosa Description: exiv2 - EXIF/IPTC/XMP metadata manipulation tool libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library libexiv2-dbg - EXIF/IPTC/XMP metadata manipulation library - debug libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation Changes: exiv2 (0.25-3.1ubuntu0.18.04.3) bionic-security; urgency=medium . * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce() in src/enforce.hpp, use safe:add for preventing overflows in PSD files and enforce length of image resource section < file size in src/psdimage.cpp. - CVE-2018-19107 - CVE-2018-19108 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19535-*.patch: fixes in PngChunk::readRawProfile in src/pngchunk.cpp. - CVE-2018-19535 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13110.patch: avoid integer overflow in src/crwimage.cpp. - CVE-2019-13110 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13112.patch: add bound check on allocation size in src/pngchunk.cpp. - CVE-2019-13112 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13113.patch: throw an exception if the data location is invalid in src/crwimage.cpp, src/crwimage_int.hpp. - CVE-2019-13113 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13114.patch: avoid null pointer exception due to NULL return from strchr in src/http.cpp. - CVE-2019-13114 * Add error codes from src error in order to support CVE-2018-19535 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch Checksums-Sha1: 51ccdf45f33db8cb684ea74cf094837665871ad7 8658 exiv2_0.25-3.1ubuntu0.18.04.3_armhf.buildinfo 164674278f6df44bac9e513a058970b7a77e9a9c 68140 exiv2_0.25-3.1ubuntu0.18.04.3_armhf.deb cb12d7abb234a7e73cd9ea2b9ddfee47159e0940 3568578 exiv2_0.25-3.1ubuntu0.18.04.3_armhf_translations.tar.gz c7081ac43fb080594ef8727899b95c975359f323 609208 libexiv2-14_0.25-3.1ubuntu0.18.04.3_armhf.deb 339b488d4fa4f898c6ba819d2eecd2140e38e512 6180304 libexiv2-dbg_0.25-3.1ubuntu0.18.04.3_armhf.deb 39ab1b9174b00113741af2679403f8921403a24f 904020 libexiv2-dev_0.25-3.1ubuntu0.18.04.3_armhf.deb Checksums-Sha256: 1c6ad73b7228c49ee7e89f1f70384ebb2e11db3fccce5ebc5a42b054e0ffc1cc 8658 exiv2_0.25-3.1ubuntu0.18.04.3_armhf.buildinfo 51baa1d719f9e05d13972c8bfa90b74bc5e753123cc5483381a9f86a25b91b53 68140 exiv2_0.25-3.1ubuntu0.18.04.3_armhf.deb a66aa04e3ddc19156720b940a9e33ba9800cbe1f823c6d9785e7f95cc9efba34 3568578 exiv2_0.25-3.1ubuntu0.18.04.3_armhf_translations.tar.gz baa768cba9e8d9d6e33ae179084f61e428ab1c7a1c722bc9b68b365cebeffe20 609208 libexiv2-14_0.25-3.1ubuntu0.18.04.3_armhf.deb 8684a895ba71ddd02944f44ca22a69468db1c1382e165fd4a65edf6d2331626d 6180304 libexiv2-dbg_0.25-3.1ubuntu0.18.04.3_armhf.deb 3f333048575ebf5485e257f0caf83cf86d3c90e0ee4b1c7b44667e9d67827630 904020 libexiv2-dev_0.25-3.1ubuntu0.18.04.3_armhf.deb Files: 44803898f703f9efe2bb6eb16b9afb50 8658 graphics optional exiv2_0.25-3.1ubuntu0.18.04.3_armhf.buildinfo d50e2aea028a927b94287e5b910bdbfc 68140 graphics optional exiv2_0.25-3.1ubuntu0.18.04.3_armhf.deb 92f07ccbe4e82bcdab9968437db8c8aa 3568578 raw-translations - exiv2_0.25-3.1ubuntu0.18.04.3_armhf_translations.tar.gz 51819346cb93f36da136981e55a76d46 609208 libs optional libexiv2-14_0.25-3.1ubuntu0.18.04.3_armhf.deb d51f910a252831828475acb2c5dee4ff 6180304 debug extra libexiv2-dbg_0.25-3.1ubuntu0.18.04.3_armhf.deb efca1fcb8ecf9bcb76ffa4f8c3944a37 904020 libdevel optional libexiv2-dev_0.25-3.1ubuntu0.18.04.3_armhf.deb Original-Maintainer: Debian KDE Extras Team