Format: 1.8
Date: Wed, 10 Jul 2019 15:58:32 -0300
Source: exiv2
Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: armhf armhf_translations
Version: 0.25-2.1ubuntu16.04.4
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-arm64-072.buildd>
Changed-By: Leonidas S. Barbosa <leo.barbosa@canonical.com>
Description:
 exiv2      - EXIF/IPTC/XMP metadata manipulation tool
 libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library
 libexiv2-dbg - EXIF/IPTC/XMP metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation
Changes:
 exiv2 (0.25-2.1ubuntu16.04.4) xenial-security; urgency=medium
 .
    * SECURITY UPDATE: Integer overflow
      - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
        in src/enforce.hpp, use safe:add for preventing overflows in
        PSD files and enforce length of image resource
        section < file size in src/psdimage.cpp.
      - CVE-2018-19107
      - CVE-2018-19108
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2018-19535-*.patch: fixes in
        PngChunk::readRawProfile in src/pngchunk.cpp.
      - CVE-2018-19535
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2019-13110.patch: avoid integer overflow
        in src/crwimage.cpp.
      - CVE-2019-13110
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2019-13112.patch: add bound check
        on allocation size in src/pngchunk.cpp.
      - CVE-2019-13112
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2019-13113.patch: throw an exception
        if the data location is invalid in src/crwimage.cpp,
        src/crwimage_int.hpp.
      - CVE-2019-13113
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2019-13114.patch: avoid null pointer
        exception due to NULL return from strchr in src/http.cpp.
      - CVE-2019-13114
    * Add error codes from src error in order to support CVE-2018-19535
      - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
Checksums-Sha1:
 ee5d50ef2a511c99ce5ad980fa237a9e48f17cdb 1224 exiv2-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 52ca55a613a002c4ba0542a348936f55f5161983 66884 exiv2_0.25-2.1ubuntu16.04.4_armhf.deb
 3b9f65891ea2bc1d64076a10863a17c2a55db4c6 3568425 exiv2_0.25-2.1ubuntu16.04.4_armhf_translations.tar.gz
 b75e65b26e5966ed02f08b5ed63718297d0152fe 1230 libexiv2-14-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 1beba9e672a7216dffa33fd8b45d1fa754002541 603868 libexiv2-14_0.25-2.1ubuntu16.04.4_armhf.deb
 f9603a86360cb408e7dcd6e6b5f36264c56b1326 5197010 libexiv2-dbg_0.25-2.1ubuntu16.04.4_armhf.deb
 48cd78af29e754d536180c974290ae18d10ef0c5 952 libexiv2-dev-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 1472b9824393d567553cb288f2a73c03f3096f97 879982 libexiv2-dev_0.25-2.1ubuntu16.04.4_armhf.deb
Checksums-Sha256:
 e6455ce018167ecee02b8064553f4af6a09ab3195590771d9c0bebb3535f1030 1224 exiv2-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 ae591ca57d6bc95e07e01895e59df412725150f9e0f349fd04c8a5823c5974d6 66884 exiv2_0.25-2.1ubuntu16.04.4_armhf.deb
 908277c3ae2f900b1e35f541b9696b8d39f350332351ae473f2fcf067b851989 3568425 exiv2_0.25-2.1ubuntu16.04.4_armhf_translations.tar.gz
 4dcf3e291cc25d72d97413d6f7d9380188f0b42857540619c1f195d7d284e96b 1230 libexiv2-14-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 c5b4f71b171401029d39fff100e1f9d41ec52fb8be9f62e5454f807a012540cd 603868 libexiv2-14_0.25-2.1ubuntu16.04.4_armhf.deb
 2de4585229120bf262279be5bef3e280ee65df72726d8c46e9f49abb48854c37 5197010 libexiv2-dbg_0.25-2.1ubuntu16.04.4_armhf.deb
 06739328b9f0e778aaf2c504dbc81151f33be7dec48bade47f277326748845c8 952 libexiv2-dev-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 2f3ceb30d361d04dc24fde74353673834638af74d1fd25282f6f7f063f722bb3 879982 libexiv2-dev_0.25-2.1ubuntu16.04.4_armhf.deb
Files:
 4a7455400518e2513ef733fa6930b9f5 1224 graphics extra exiv2-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 b342ddcf9fbd2eb8542883617bfd212a 66884 graphics optional exiv2_0.25-2.1ubuntu16.04.4_armhf.deb
 55652552d5797a0bd3bf657e2937f713 3568425 raw-translations - exiv2_0.25-2.1ubuntu16.04.4_armhf_translations.tar.gz
 3fdafc783a744af5e7c8e7223b848325 1230 libs extra libexiv2-14-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 42591a10fb775fa7d6327b729ea19ea3 603868 libs optional libexiv2-14_0.25-2.1ubuntu16.04.4_armhf.deb
 b6522b29705c72092af795f023406721 5197010 debug extra libexiv2-dbg_0.25-2.1ubuntu16.04.4_armhf.deb
 27d00afd80d603d9285071c49b174f66 952 libdevel extra libexiv2-dev-dbgsym_0.25-2.1ubuntu16.04.4_armhf.ddeb
 ed2daf46399751966ee8df13bb8606b9 879982 libdevel optional libexiv2-dev_0.25-2.1ubuntu16.04.4_armhf.deb
Original-Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>