lp:ubuntu/lucid-security/libexif

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

11. By Marc Deslauriers on 2012-07-19

* SECURITY UPDATE: denial of service and possible info disclosure via
  corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
  - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
    NUL-terminated in libexif/exif-entry.c.
  - CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
  UTF-16 tag (LP: #1024213)
  - debian/patches/CVE-2012-2813.patch: don't read past the end of a
    tag when converting from UTF-16 in libexif/exif-entry.c.
  - CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
    libexif/exif-entry.c.
  - CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
    libexif/exif-data.c
  - CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2837.patch: fix some possible
    division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
  - CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2840.patch: fix off-by-one in
    libexif/exif-utils.c.
  - CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer size (LP: #1024213)
  - debian/patches/CVE-2012-2841.patch: validate buffer length in
    libexif/exif-entry.c.
  - CVE-2012-2841

10. By Emmanuel Bouthenot <email address hidden> on 2009-11-19

* New upstream release
  - fix CVE-2009-3895: heap buffer overflow during tag format conversion
    (Closes: #557137)

9. By Emmanuel Bouthenot <email address hidden> on 2009-10-24

* New upstream release
* Clean and minify the build process (using dh7 overrides)
* Bump Standards-Version to 3.8.3.
* Add README.source file.
* Add doc-base file for libexif API documentation.

8. By Emmanuel Bouthenot <email address hidden> on 2009-04-19

* Adopt the package within pkg-phototools:
  - Set the Maintainer to the group
  - Add Frederic Peters and myself as Uploaders.
  - Add Vcs-Browser and Vcs-Git fields accordingly.
* New upstream release:
  - remove patches merged upsteam:
    + 30_olympus_makernote.dpatch
    + 40_crash_looking_up_invalid_values.dpatch
    + 50_relibtoolize.dpatch
    + CVE-2007-6351.dpatch
    + CVE-2007-6352.dpatch
  - convert existing patches from dpatch to quilt.
  - Fix a bug while reading exif datas in some cases (Closes: #447907)
* Switch packaging to debhelper 7
* Update debian/control:
  - Drop duplicate section field for exif12
  - Bump Standards-Version to 3.8.1
  - Replace deprecated ${Source-Version} by ${binary:Version}
  - Enhance libexif-dev long description.
  - Add homepage field.
  - Add DM-Upload-Allowed field.
* Force remove of files not fully cleaned
* Remove empty doc files in libexif-dev.
* Update debian/copyright.

7. By sam tygier on 2008-10-09

Fix reading Olympus EXIF tags (LP: #98851) patch from upstream CVS Aug 16 2007

6. By Nico Golde <email address hidden> on 2007-12-21

* Non-maintainer upload by security team.
* This update addresses the following security issues:
  - possible denial of service attack via crafted
    image file leading to an infinite recursion in the
    exif-loader.c (CVE-2007-6351; Closes: #457330).
  - integer overflow in exif-data.c triggered by a crafted
    image file could lead to arbitrary code execution
    (CVE-2007-6352; Closes: #457330).

5. By Frederic Peters <email address hidden> on 2006-11-19

libexif/exif-entry.c: added extra check against value read for color
space (closes: #398426) (this is not from upstream but upstream is
said to have this fixed as well, couldn't find how)

4. By Frederic Peters <email address hidden> on 2006-03-12

libexif/libexif.pc.in: fixed CFLAGS, so include dir is correctly set.
(closes: #356567)

3. By Frederic Peters <email address hidden> on 2005-07-17

libexif/exif-data.c: backported fix from CVS (revision 1.68)
(closes: #318662)

2. By christophe barbe <email address hidden> on 2004-05-28

New upstream release.