lp:ubuntu/hardy-security/libexif

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/libexif

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

7. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible info disclosure via
  corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
  - debian/patches/CVE-2012-2812.dpatch: fix reading tags that aren't
    NUL-terminated in libexif/exif-entry.c.
  - CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
  UTF-16 tag (LP: #1024213)
  - debian/patches/CVE-2012-2813.dpatch: don't read past the end of a
    tag when converting from UTF-16 in libexif/exif-entry.c.
  - CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2814.dpatch: fix buffer overflows in
    libexif/exif-entry.c.
  - CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2836.dpatch: fix buffer overflows in
    libexif/exif-data.c
  - CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2837.dpatch: fix some possible
    division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
  - CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2840.dpatch: fix off-by-one in
    libexif/exif-utils.c.
  - CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer size (LP: #1024213)
  - debian/patches/CVE-2012-2841.dpatch: validate buffer length in
    libexif/exif-entry.c.
  - CVE-2012-2841

6. By Nico Golde <email address hidden>

* Non-maintainer upload by security team.
* This update addresses the following security issues:
  - possible denial of service attack via crafted
    image file leading to an infinite recursion in the
    exif-loader.c (CVE-2007-6351; Closes: #457330).
  - integer overflow in exif-data.c triggered by a crafted
    image file could lead to arbitrary code execution
    (CVE-2007-6352; Closes: #457330).

5. By Frederic Peters <email address hidden>

libexif/exif-entry.c: added extra check against value read for color
space (closes: #398426) (this is not from upstream but upstream is
said to have this fixed as well, couldn't find how)

4. By Frederic Peters <email address hidden>

libexif/libexif.pc.in: fixed CFLAGS, so include dir is correctly set.
(closes: #356567)

3. By Frederic Peters <email address hidden>

libexif/exif-data.c: backported fix from CVS (revision 1.68)
(closes: #318662)

2. By christophe barbe <email address hidden>

New upstream release.

1. By christophe barbe <email address hidden>

Import upstream version 0.6.9

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/quantal/libexif
This branch contains Public information. Everyone can see this information.
