Format: 1.8 Date: Wed, 10 Jul 2019 14:26:59 -0300 Source: exiv2 Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc Architecture: i386 i386_translations Version: 0.25-4ubuntu0.2 Distribution: cosmic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Leonidas S. Barbosa Description: exiv2 - EXIF/IPTC/XMP metadata manipulation tool libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation Changes: exiv2 (0.25-4ubuntu0.2) cosmic-security; urgency=medium . * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce() in src/enforce.hpp, use safe:add for preventing overflows in PSD files and enforce length of image resource section < file size in src/psdimage.cpp. - CVE-2018-19107 - CVE-2018-19108 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2018-19535-*.patch: fixes in PngChunk::readRawProfile in src/pngchunk.cpp. - CVE-2018-19535 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13110.patch: avoid integer overflow in src/crwimage.cpp. - CVE-2019-13110 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13112.patch: add bound check on allocation size in src/pngchunk.cpp. - CVE-2019-13112 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13113.patch: throw an exception if the data location is invalid in src/crwimage.cpp, src/crwimage_int.hpp. - CVE-2019-13113 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2019-13114.patch: avoid null pointer exception due to NULL return from strchr in src/http.cpp. - CVE-2019-13114 * Add error codes from src error in order to support CVE-2018-19535 - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch Checksums-Sha1: 3c977e16a7437a9570b5e53813371b83b0d6ceed 729336 exiv2-dbgsym_0.25-4ubuntu0.2_i386.ddeb 7401acb362058b2458d3b4ae2ef4da37756ef520 8745 exiv2_0.25-4ubuntu0.2_i386.buildinfo e743c099bdf574b922c70311c6f3c66cd9e1c2c1 83416 exiv2_0.25-4ubuntu0.2_i386.deb 3e56a73e0592fc4b13547ccb05537c7e13699b4c 3565891 exiv2_0.25-4ubuntu0.2_i386_translations.tar.gz 88146fe178f91b6e46e50141124c7d5a936666e2 7793780 libexiv2-14-dbgsym_0.25-4ubuntu0.2_i386.ddeb c1dd4dfa44300aaad09d840f994c65607b0a7321 694196 libexiv2-14_0.25-4ubuntu0.2_i386.deb 60c68655fc80df60ab38cf74d399b629b1f503fa 948068 libexiv2-dev_0.25-4ubuntu0.2_i386.deb Checksums-Sha256: 75cdc8cf13fc43837783f43b1c108dd39097cedbd09512adb00fc61512b8a581 729336 exiv2-dbgsym_0.25-4ubuntu0.2_i386.ddeb e28d1e8b5a90a3e80b6e48ba6eba3ee8d553129db1d44da2ea54ad4ae90ada97 8745 exiv2_0.25-4ubuntu0.2_i386.buildinfo 5ce8ba97a313b6d072c2a88b421829d35665980541ba3e39358c5710f64371ce 83416 exiv2_0.25-4ubuntu0.2_i386.deb 720bdec642d92f14fe56da11ddc0c55e3934655327742ae4a6b7a6d072828e2a 3565891 exiv2_0.25-4ubuntu0.2_i386_translations.tar.gz d210e93f9a0854fde5fe46cd5788bbb19e1e02ab87652d9833fa22201df428a5 7793780 libexiv2-14-dbgsym_0.25-4ubuntu0.2_i386.ddeb 0f66303f073616eec4b98d5f593907b0f37e3a1ebc6b0b5594dd7a343c20be45 694196 libexiv2-14_0.25-4ubuntu0.2_i386.deb ebe6d35d14162c3986bcf73ef189863843e4c4f622119d75fac62175e043bc33 948068 libexiv2-dev_0.25-4ubuntu0.2_i386.deb Files: 399f7b21550f7cf5313004fdcb0e6bc8 729336 debug optional exiv2-dbgsym_0.25-4ubuntu0.2_i386.ddeb 2808f9ecd7eba3a51bb621fdb3958a2b 8745 graphics optional exiv2_0.25-4ubuntu0.2_i386.buildinfo c0266c7f0a60846df8e3553ea19680a8 83416 graphics optional exiv2_0.25-4ubuntu0.2_i386.deb 6b12f36caabdbd3fff26a81431b9f9c4 3565891 raw-translations - exiv2_0.25-4ubuntu0.2_i386_translations.tar.gz 0bb0033ad9f0c035a146ca6b9cff5e32 7793780 debug optional libexiv2-14-dbgsym_0.25-4ubuntu0.2_i386.ddeb b712e8379b04fa83837445dd85317c91 694196 libs optional libexiv2-14_0.25-4ubuntu0.2_i386.deb 84707a2fa33c67d7d90ddec84acaaf17 948068 libdevel optional libexiv2-dev_0.25-4ubuntu0.2_i386.deb Original-Maintainer: Debian Qt/KDE Maintainers