Your message dated Sat, 08 Feb 2020 16:32:08 +0000
with message-id <[email protected]>
and subject line Bug#945948: fixed in libexif 0.6.21-5.1+deb10u1
has caused the Debian Bug report #945948,
regarding libexif: CVE-2019-9278
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
945948: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945948
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libexif
Version: 0.6.21-5.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/libexif/libexif/issues/26
Control: found -1 0.6.21-2
Hi,
The following vulnerability was published for libexif.
CVE-2019-9278[0]:
| In libexif, there is a possible out of bounds write due to an integer
| overflow. This could lead to remote escalation of privilege in the
| media content provider with no additional execution privileges needed.
| User interaction is needed for exploitation. Product: Android. Versions:
| Android-10. Android ID: A-112537774
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-9278
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
[1] https://github.com/libexif/libexif/issues/26
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libexif
Source-Version: 0.6.21-5.1+deb10u1
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 01 Feb 2020 21:43:18 +0100
Source: libexif
Architecture: source
Version: 0.6.21-5.1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 945948
Changes:
libexif (0.6.21-5.1+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix out of bound write in exif-data.c (CVE-2019-9278) (Closes: #945948)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---