lp:ubuntu/hardy-updates/libexif

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-updates/libexif
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

7. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible info disclosure via
  corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
  - debian/patches/CVE-2012-2812.dpatch: fix reading tags that aren't
    NUL-terminated in libexif/exif-entry.c.
  - CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
  UTF-16 tag (LP: #1024213)
  - debian/patches/CVE-2012-2813.dpatch: don't read past the end of a
    tag when converting from UTF-16 in libexif/exif-entry.c.
  - CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2814.dpatch: fix buffer overflows in
    libexif/exif-entry.c.
  - CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2836.dpatch: fix buffer overflows in
    libexif/exif-data.c
  - CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2837.dpatch: fix some possible
    division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
  - CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2840.dpatch: fix off-by-one in
    libexif/exif-utils.c.
  - CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer size (LP: #1024213)
  - debian/patches/CVE-2012-2841.dpatch: validate buffer length in
    libexif/exif-entry.c.
  - CVE-2012-2841

6. By Nico Golde <email address hidden>

* Non-maintainer upload by security team.
* This update addresses the following security issues:
  - possible denial of service attack via crafted
    image file leading to an infinite recursion in the
    exif-loader.c (CVE-2007-6351; Closes: #457330).
  - integer overflow in exif-data.c triggered by a crafted
    image file could lead to arbitrary code execution
    (CVE-2007-6352; Closes: #457330).

5. By Frederic Peters <email address hidden>

libexif/exif-entry.c: added extra check against value read for color
space (closes: #398426) (this is not from upstream but upstream is
said to have this fixed as well, couldn't find how)

4. By Frederic Peters <email address hidden>

libexif/libexif.pc.in: fixed CFLAGS, so include dir is correctly set.
(closes: #356567)

3. By Frederic Peters <email address hidden>

libexif/exif-data.c: backported fix from CVS (revision 1.68)
(closes: #318662)

2. By christophe barbe <email address hidden>

New upstream release.

1. By christophe barbe <email address hidden>

Import upstream version 0.6.9

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/libexif
This branch contains Public information 
Everyone can see this information.

Subscribers