Your message dated Fri, 29 May 2015 04:21:14 +0000
with message-id <[email protected]>
and subject line Bug#779527: fixed in exifprobe 2.0.1-6
has caused the Debian Bug report #779527,
regarding exifprobe: denial of service
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
779527: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=779527
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: exifprobe
Version: 2.0.1-3
Severity: important
Tags: security

The following attached sample file hangs exifprobe and uses all CPU from one core.
The sample file is fuzzed with american fuzzy lop <http://lcamtuf.coredump.cx/afl/>.

00000000  ff d8 ff e0 00 10 4a 46  49 46 4a 46 49 46 00 01  |......JFIFJFIF..|
00000010  00 01 00 00 ff ec 00 43                           |.......C|
00000018

Starting program: exifprobe-2.0.1/exifprobe -c sample2.jpg
File Name = sample2.jpg
File Type = JPEG
File Size = 24
@000000000=0       :  <JPEG_SOI>
@0x0000002=2       :    <JPEG_APP0> 0xffe0 length 16,  - (not dumped: use -A)
@0x0000013=19      :    </JPEG_APP0>
@0x0000014=20      :    <JPEG_APP12> 0xffec length 67,  FAILED to read character at offset 24 (EOF)

- -- 
Henri Salo

--- End Message ---
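
The sample in the report ends at offset 24 while its APP12 segment declares a length of 67. As an added example (not exifprobe's code and not the Debian patch), here is a C segment walker that checks each declared length against the bytes remaining and either advances or returns on every iteration, so it terminates on this input. The names `walk_jpeg`, `JPEG_*` and `sample2` (bytes constructed from the hexdump) are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed from the 24-byte hexdump in the bug report. */
static const uint8_t sample2[] = {
    0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x4a, 0x46,
    0x49, 0x46, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, 0xff, 0xec, 0x00, 0x43
};

enum { JPEG_OK = 0, JPEG_BAD_MARKER = -1, JPEG_TRUNCATED = -2, JPEG_BAD_LENGTH = -3 };

/* Walk the marker segments before the scan data. Every iteration either
 * advances pos or returns. On error *bad_off is the offending marker's offset. */
int walk_jpeg(const uint8_t *buf, size_t len, size_t *bad_off)
{
    size_t pos = 2;
    *bad_off = 0;
    if (len < 2 || buf[0] != 0xff || buf[1] != 0xd8)
        return JPEG_BAD_MARKER;                      /* no SOI */
    while (pos < len) {
        *bad_off = pos;
        if (len - pos < 2) return JPEG_TRUNCATED;    /* no room for a marker */
        if (buf[pos] != 0xff) return JPEG_BAD_MARKER;
        uint8_t m = buf[pos + 1];
        if (m == 0xff) { pos++; continue; }          /* fill byte */
        if (m == 0xd9 || m == 0xda) return JPEG_OK;  /* EOI, or SOS: scan data follows */
        if (m == 0x01 || (m >= 0xd0 && m <= 0xd7)) { pos += 2; continue; }
        if (len - pos < 4) return JPEG_TRUNCATED;    /* no room for the length field */
        size_t seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seglen < 2) return JPEG_BAD_LENGTH;      /* length counts its own 2 bytes */
        if (seglen > len - pos - 2) return JPEG_TRUNCATED; /* runs past end of file */
        pos += 2 + seglen;
    }
    *bad_off = pos;
    return JPEG_TRUNCATED;                           /* data ended before EOI/SOS */
}

int main(void)
{
    size_t off;
    int rc = walk_jpeg(sample2, sizeof sample2, &off);
    printf("rc=%d at offset %zu\n", rc, off);
    return rc == JPEG_OK ? 0 : 1;
}
```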
--- Begin Message ---
Source: exifprobe
Source-Version: 2.0.1-6

We believe that the bug you reported is fixed in the latest version of
exifprobe, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joao Eriberto Mota Filho <[email protected]> (supplier of updated exifprobe package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


Format: 1.8
Date: Thu, 28 May 2015 18:58:35 -0300
Source: exifprobe
Binary: exifprobe
Architecture: source amd64
Version: 2.0.1-6
Distribution: unstable
Urgency: medium
Maintainer: Debian Forensics <[email protected]>
Changed-By: Joao Eriberto Mota Filho <[email protected]>
Description:
 exifprobe  - read metadata from digital pictures
Closes: 779525 779527
Changes:
 exifprobe (2.0.1-6) unstable; urgency=medium
 .
   * Upload to unstable.
   * debian/control: added the Homepage field.
   * debian/patches/fix-issues-found-by-afl: added to fix some issues detected
       by AFL. (Closes: #779525, #779527)
   * debian/watch: pointing to new upstream site.


--- End Message ---
_______________________________________________
forensics-devel mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/forensics-devel