Format: 1.8
Date: Wed, 10 Jul 2019 15:58:32 -0300
Source: exiv2
Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: arm64 arm64_translations
Version: 0.25-2.1ubuntu16.04.4
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-078.buildd>
Changed-By: Leonidas S. Barbosa <leo.barbosa@canonical.com>
Description:
 exiv2      - EXIF/IPTC/XMP metadata manipulation tool
 libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library
 libexiv2-dbg - EXIF/IPTC/XMP metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation
Changes:
 exiv2 (0.25-2.1ubuntu16.04.4) xenial-security; urgency=medium
 .
    * SECURITY UPDATE: Integer overflow
      - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
        in src/enforce.hpp, use safe:add for preventing overflows in
        PSD files and enforce length of image resource
        section < file size in src/psdimage.cpp.
      - CVE-2018-19107
      - CVE-2018-19108
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2018-19535-*.patch: fixes in
        PngChunk::readRawProfile in src/pngchunk.cpp.
      - CVE-2018-19535
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2019-13110.patch: avoid integer overflow
        in src/crwimage.cpp.
      - CVE-2019-13110
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2019-13112.patch: add bound check
        on allocation size in src/pngchunk.cpp.
      - CVE-2019-13112
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2019-13113.patch: throw an exception
        if the data location is invalid in src/crwimage.cpp,
        src/crwimage_int.hpp.
      - CVE-2019-13113
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2019-13114.patch: avoid null pointer
        exception due to NULL return from strchr in src/http.cpp.
      - CVE-2019-13114
    * Add error codes from src error in order to support CVE-2018-19535
      - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
Checksums-Sha1:
 f96601cd9e7b283c62f26351e27e90e5e8dcb1f6 1224 exiv2-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 b59043e02dc33878b968c841ef027b879bea75ba 72292 exiv2_0.25-2.1ubuntu16.04.4_arm64.deb
 d4e6c17f5ce565c6ab24f7c9d33f2af3b41e38b4 3568428 exiv2_0.25-2.1ubuntu16.04.4_arm64_translations.tar.gz
 3e5bdfa0e3106ecd7c53b1ba382ff6c01c4ff71c 1228 libexiv2-14-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 403117a75da4841a6ac65706a223cf64eaec4003 601456 libexiv2-14_0.25-2.1ubuntu16.04.4_arm64.deb
 390aa58a4e746f28d379dbb4d47378220986314f 5358288 libexiv2-dbg_0.25-2.1ubuntu16.04.4_arm64.deb
 0e1f051511914c43191f5eae20c384f4541659a1 950 libexiv2-dev-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 1e01eb2a0448cdfd448e4b46bbd8db4b3e3b19b2 864180 libexiv2-dev_0.25-2.1ubuntu16.04.4_arm64.deb
Checksums-Sha256:
 89ee784cc5beec64aade15130e5fc1fa7637732c40765daff143659803c35f1d 1224 exiv2-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 41f314599fd02e2274cb14c61f12a65b7ad1219dd755be5ef7613d2ce12e66c7 72292 exiv2_0.25-2.1ubuntu16.04.4_arm64.deb
 2fba0a5d85c042369f9e0eac98f638676c41d2735663efa96f397fbe21afc81d 3568428 exiv2_0.25-2.1ubuntu16.04.4_arm64_translations.tar.gz
 610d65cb17fd023c3c6b18ec23e12e296c2f9dd4469eb3bf44338fc9b1539807 1228 libexiv2-14-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 27e274a2880ed452b12f7cb64b215d5fb4a24bf88461b7760b3427d91dd630a3 601456 libexiv2-14_0.25-2.1ubuntu16.04.4_arm64.deb
 78690dbda1e1d5db1668cea078b0511caae672ca06c9a8ac444bd38b08c53855 5358288 libexiv2-dbg_0.25-2.1ubuntu16.04.4_arm64.deb
 d0768ba6a7628c5b2567bee392eac1ec9a04130e7233a88f6e50a714c09ad97a 950 libexiv2-dev-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 4170a2da17ce609b0892710010061131e4604350b6a3539a7de2ee8903caee7a 864180 libexiv2-dev_0.25-2.1ubuntu16.04.4_arm64.deb
Files:
 88441afcf1faafa138491df63d937a3e 1224 graphics extra exiv2-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 9104b87daddf9d5098f80c595ef1f7aa 72292 graphics optional exiv2_0.25-2.1ubuntu16.04.4_arm64.deb
 d2c09ba350ffc7931eb7e16b896329dc 3568428 raw-translations - exiv2_0.25-2.1ubuntu16.04.4_arm64_translations.tar.gz
 d5dfef171a72dacf4756bafa6c88a8a8 1228 libs extra libexiv2-14-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 b881caa805dc60324757d6419ed9dad8 601456 libs optional libexiv2-14_0.25-2.1ubuntu16.04.4_arm64.deb
 b0416e72b73e1065636e9451b7d70237 5358288 debug extra libexiv2-dbg_0.25-2.1ubuntu16.04.4_arm64.deb
 598977fd014379b5515ad2f205eb7c4e 950 libdevel extra libexiv2-dev-dbgsym_0.25-2.1ubuntu16.04.4_arm64.ddeb
 619c8602afe63423a773fdbaa8987085 864180 libdevel optional libexiv2-dev_0.25-2.1ubuntu16.04.4_arm64.deb
Original-Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>