Hello community, here is the log from the commit of package exif for openSUSE:Factory checked in at 2012-09-14 12:22:16 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/exif (Old) and /work/SRC/openSUSE:Factory/.exif.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "exif", Maintainer is "posta...@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/exif/exif.changes 2011-09-23 01:57:05.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.exif.new/exif.changes 2012-09-14 12:22:19.000000000 +0200 @@ -1,0 +2,15 @@ +Thu Jul 12 20:13:50 UTC 2012 - meiss...@suse.com + +- * Prevent NULL pointer dereference on out of memory situation. + Such a situation could be created when processing an extremely + large JPEG file. + * libjpeg/jpeg-data.c: Fixed bug that caused exif to read past the end + of a buffer. At worst, data->size would underflow which would cause + a gigantic read past the end of the heap buffer and likely + subsequent crash, which would only happen with a corrupted + input file. It might be possible to copy sensitive information + from process memory. + This fixes CVE-2012-2845 +- lots of translation updates + +------------------------------------------------------------------- Old: ---- exif-0.6.20.tar.bz2 New: ---- exif-0.6.21.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ exif.spec ++++++ --- /var/tmp/diff_new_pack.VMcHtv/_old 2012-09-14 12:22:20.000000000 +0200 +++ /var/tmp/diff_new_pack.VMcHtv/_new 2012-09-14 12:22:20.000000000 +0200 @@ -1,7 +1,7 @@ # # spec file for package exif # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,17 +16,18 @@ # - Name: exif -BuildRequires: libexif-devel pkgconfig popt-devel +BuildRequires: libexif-devel +BuildRequires: pkgconfig +BuildRequires: popt-devel Url: http://sourceforge.net/projects/libexif +Summary: Small Command Line Utility to Show and Change EXIF Information in JPEG Files License: GPL-2.0+ Group: Productivity/Graphics/Other -Summary: Small Command Line Utility to Show and Change EXIF Information in JPEG Files -Version: 0.6.20 -Release: 1 +Version: 0.6.21 +Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: %{name}-%{version}.tar.bz2 +Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 %description Exif is a small command line utility to show and change EXIF ++++++ exif-0.6.20.tar.bz2 -> exif-0.6.21.tar.bz2 ++++++ ++++ 25000 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org