lp:ubuntu/natty-security/libexif

Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/natty-security/libexif

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

12. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible info disclosure via
  corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
  - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
    NUL-terminated in libexif/exif-entry.c.
  - CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
  UTF-16 tag (LP: #1024213)
  - debian/patches/CVE-2012-2813.patch: don't read past the end of a
    tag when converting from UTF-16 in libexif/exif-entry.c.
  - CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
    libexif/exif-entry.c.
  - CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
    libexif/exif-data.c
  - CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2837.patch: fix some possible
    division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
  - CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2840.patch: fix off-by-one in
    libexif/exif-utils.c.
  - CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer size (LP: #1024213)
  - debian/patches/CVE-2012-2841.patch: validate buffer length in
    libexif/exif-entry.c.
  - CVE-2012-2841

11. By Robert Ancell

releasing version 0.6.20-0ubuntu1

10. By Emmanuel Bouthenot

* New upstream release
  - fix CVE-2009-3895: heap buffer overflow during tag format conversion
    (Closes: #557137)

9. By Emmanuel Bouthenot

* New upstream release
* Clean and minify the build process (using dh7 overrides)
* Bump Standards-Version to 3.8.3.
* Add README.source file.
* Add doc-base file for libexif API documentation.

8. By Emmanuel Bouthenot

* Adopt the package within pkg-phototools:
  - Set the Maintainer to the group
  - Add Frederic Peters and myself as Uploaders.
  - Add Vcs-Browser and Vcs-Git fields accordingly.
* New upstream release:
  - remove patches merged upstream:
    + 30_olympus_makernote.dpatch
    + 40_crash_looking_up_invalid_values.dpatch
    + 50_relibtoolize.dpatch
    + CVE-2007-6351.dpatch
    + CVE-2007-6352.dpatch
  - convert existing patches from dpatch to quilt.
  - Fix a bug while reading exif data in some cases (Closes: #447907)
* Switch packaging to debhelper 7
* Update debian/control:
  - Drop duplicate section field for exif12
  - Bump Standards-Version to 3.8.1
  - Replace deprecated ${Source-Version} by ${binary:Version}
  - Enhance libexif-dev long description.
  - Add homepage field.
  - Add DM-Upload-Allowed field.
* Force remove of files not fully cleaned
* Remove empty doc files in libexif-dev.
* Update debian/copyright.

7. By sam tygier

Fix reading Olympus EXIF tags (LP: #98851) patch from upstream CVS Aug 16 2007

6. By Nico Golde

* Non-maintainer upload by security team.
* This update addresses the following security issues:
  - possible denial of service attack via crafted
    image file leading to an infinite recursion in the
    exif-loader.c (CVE-2007-6351; Closes: #457330).
  - integer overflow in exif-data.c triggered by a crafted
    image file could lead to arbitrary code execution
    (CVE-2007-6352; Closes: #457330).

5. By Frederic Peters

libexif/exif-entry.c: added extra check against value read for color
space (closes: #398426) (this is not from upstream but upstream is
said to have this fixed as well, couldn't find how)

4. By Frederic Peters

libexif/libexif.pc.in: fixed CFLAGS, so include dir is correctly set.
(closes: #356567)

3. By Frederic Peters

libexif/exif-data.c: backported fix from CVS (revision 1.68)
(closes: #318662)

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/quantal/libexif
This branch contains Public information 