lp:ubuntu/hardy-security/libexif
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/libexif
Branch merges
Branch information
Recent revisions
- 7. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible info disclosure via
corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
- debian/patches/ CVE-2012- 2812.dpatch: fix reading tags that aren't
NUL-terminated in libexif/exif-entry. c.
- CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
UTF-16 tag (LP: #1024213)
- debian/patches/ CVE-2012- 2813.dpatch: don't read past the end of a
tag when converting from UTF-16 in libexif/exif-entry. c.
- CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
crafted tags (LP: #1024213)
- debian/patches/ CVE-2012- 2814.dpatch: fix buffer overflows in
libexif/exif-entry. c.
- CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
crafted tags (LP: #1024213)
- debian/patches/ CVE-2012- 2836.dpatch: fix buffer overflows in
libexif/exif-data. c
- CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
- debian/patches/ CVE-2012- 2837.dpatch: fix some possible
division-by-zeros in libexif/ olympus/ mnote-olympus- entry.c.
- CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
crafted tags (LP: #1024213)
- debian/patches/ CVE-2012- 2840.dpatch: fix off-by-one in
libexif/exif-utils. c.
- CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
incorrect buffer size (LP: #1024213)
- debian/patches/ CVE-2012- 2841.dpatch: validate buffer length in
libexif/exif-entry. c.
- CVE-2012-2841 - 6. By Nico Golde <email address hidden>
-
* Non-maintainer upload by security team.
* This update addresses the following security issues:
- possible denial of service attack via crafted
image file leading to an infinite recursion in the
exif-loader.c (CVE-2007-6351; Closes: #457330).
- integer overflow in exif-data.c triggered by a crafted
image file could lead to arbitrary code execution
(CVE-2007-6352; Closes: #457330). - 5. By Frederic Peters <email address hidden>
-
libexif/
exif-entry. c: added extra check against value read for color
space (closes: #398426) (this is not from upstream but upstream is
said to have this fixed as well, couldn't find how) - 4. By Frederic Peters <email address hidden>
-
libexif/
libexif. pc.in: fixed CFLAGS, so include dir is correctly set.
(closes: #356567) - 3. By Frederic Peters <email address hidden>
-
libexif/
exif-data. c: backported fix from CVS (revision 1.68)
(closes: #318662)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/libexif