Format: 1.8 Date: Wed, 10 Jul 2019 14:26:59 -0300 Source: exiv2 Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc Architecture: amd64 amd64_translations all Version: 0.25-4ubuntu0.2 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Leonidas S. Barbosa Description: exiv2 - EXIF/IPTC/XMP metadata manipulation tool libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation Changes: exiv2 (0.25-4ubuntu0.2) cosmic-security; urgency=medium . * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce() in src/enforce.hpp, use safe:add for preventing overflows in PSD files and enforce length of image resource section < file size in src/psdimage.cpp. - CVE-2018-19107 - CVE-2018-19108 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19535-*.patch: fixes in PngChunk::readRawProfile in src/pngchunk.cpp. - CVE-2018-19535 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13110.patch: avoid integer overflow in src/crwimage.cpp. - CVE-2019-13110 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13112.patch: add bound check on allocation size in src/pngchunk.cpp. - CVE-2019-13112 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13113.patch: throw an exception if the data location is invalid in src/crwimage.cpp, src/crwimage_int.hpp. - CVE-2019-13113 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13114.patch: avoid null pointer exception due to NULL return from strchr in src/http.cpp. - CVE-2019-13114 * Add error codes from src error in order to support CVE-2018-19535 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch Checksums-Sha1: 86d47b9cdec059ccad61072c2d01bc31189be342 775384 exiv2-dbgsym_0.25-4ubuntu0.2_amd64.ddeb a3d1f213e7927e4f7eff5cfecbaec43bf2771d05 10715 exiv2_0.25-4ubuntu0.2_amd64.buildinfo 25d5fe8e94b927beca17f6674623695c04b92287 77492 exiv2_0.25-4ubuntu0.2_amd64.deb c921e55f163f56fb736a46f828a0071494839694 3565531 exiv2_0.25-4ubuntu0.2_amd64_translations.tar.gz 1e54b696457130bd244e40b8a33a29b4858b163d 8149736 libexiv2-14-dbgsym_0.25-4ubuntu0.2_amd64.ddeb 0eb0a461d1cd767589f48b3a7d7835fcfad8ce1b 669312 libexiv2-14_0.25-4ubuntu0.2_amd64.deb d6119a9f873aca4939bc912d7b1dda1cb085d8fa 892632 libexiv2-dev_0.25-4ubuntu0.2_amd64.deb 9a8e9b3bcd52f369ec5c55cc93c5d98926763ed8 20808748 libexiv2-doc_0.25-4ubuntu0.2_all.deb Checksums-Sha256: 409d2527da7c1413859827f24fa2a8895d400c41e99896606cdfe98fb9d939fe 775384 exiv2-dbgsym_0.25-4ubuntu0.2_amd64.ddeb dc372e5532533cca8661da4d4efe3da0aeb1e6ae05f26ece07c4c78aae234c4d 10715 exiv2_0.25-4ubuntu0.2_amd64.buildinfo f7b2e3bcec80fdfcecc679a5cfe2b9f39d4e63cfb2e3f6be72f1740a2e1c2f58 77492 exiv2_0.25-4ubuntu0.2_amd64.deb f463925793a220e77ef05a50c7f7562aa90ec8268b7af670397c30ebabf32e0e 3565531 exiv2_0.25-4ubuntu0.2_amd64_translations.tar.gz f6936ce31d13fe6777bf1e811ae2f644f2264bcd066b807bd8314f97d29bde5d 8149736 libexiv2-14-dbgsym_0.25-4ubuntu0.2_amd64.ddeb 358f547add6d50aa3b6a254635678af24d157ab55c0d2444a7ddcd1961bfca3b 669312 libexiv2-14_0.25-4ubuntu0.2_amd64.deb f4833a757503eb1d2258f4bedcd6d0e05dd981932e4aa5e46c81d40f4cb0c89a 892632 libexiv2-dev_0.25-4ubuntu0.2_amd64.deb c9a5be17165ea4123df5ef937e66990afce8a435a07c23ee4d34ec2809e0c19d 20808748 libexiv2-doc_0.25-4ubuntu0.2_all.deb Files: f4e0de1a50709620c706936772e01e13 775384 debug optional exiv2-dbgsym_0.25-4ubuntu0.2_amd64.ddeb e54a71344eb258d5b8d378bdb66bc435 10715 graphics optional exiv2_0.25-4ubuntu0.2_amd64.buildinfo 7f26b9102ae6bfec7eb204a9f704a6d5 77492 graphics optional exiv2_0.25-4ubuntu0.2_amd64.deb 6380291e6b0b9ba6b355c753b5b82353 3565531 raw-translations - exiv2_0.25-4ubuntu0.2_amd64_translations.tar.gz 5da93c1edc97709b9fcd0fc4c9794059 8149736 debug optional libexiv2-14-dbgsym_0.25-4ubuntu0.2_amd64.ddeb e2fed2d8e778ae00d0d92e464dacb9bf 669312 libs optional libexiv2-14_0.25-4ubuntu0.2_amd64.deb 8f466cea4d091d4ef6aa227e7ee6f910 892632 libdevel optional libexiv2-dev_0.25-4ubuntu0.2_amd64.deb efb01d35eeeb838956cad1a30e56b823 20808748 doc optional libexiv2-doc_0.25-4ubuntu0.2_all.deb Original-Maintainer: Debian Qt/KDE Maintainers