Your message dated Sat, 16 May 2026 11:07:42 +0000
with message-id <[email protected]>
and subject line Released with 12.14
has caused the Debian Bug report #1134478,
regarding bookworm-pu: package libexif/0.6.24-1+deb12u1
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1134478: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134478
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: [email protected], [email protected]
Control: affects -1 + src:libexif
User: [email protected]
Usertags: pu
[ Reason ]
This update attempt to fix all open CVEs for libexif.
[ Impact ]
If the update isn't approved, users will continue to be vulnerable to
CVE-2026-40386, CVE-2026-40385, CVE-2026-32775. Bullseye
users upgrading to Trixie will become vulnerable again.
[ Tests ]
Issues affect to specific hardware
[ Risks ]
All the changes are minor an easy to read the code.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
CVE-2026-40386: fix an integer underflow in a size check.
CVE-2026-40385: Add a check to avoid overflow in system with
32 bits unsigned int size_t.
CVE-2026-32775: Fix an integer undeflow in
mnote_pentax_entry_get_values(). This patch add a check
to verify that maxlen be at least 1.
--- End Message ---
--- Begin Message ---
Package: release.debian.org
Version: 12.14
This update has been released as part of Debian 12.14.
--- End Message ---
