Your message dated Thu, 28 Jun 2018 16:19:43 +0000
with message-id <[email protected]>
and subject line Bug#901707: fixed in exiv2 0.25-4
has caused the Debian Bug report #901707,
regarding exiv2: CVE-2018-12264
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
901707: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901707
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: exiv2
Version: 0.25-3.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/Exiv2/exiv2/issues/366

Hi,

The following vulnerability was published for exiv2.

CVE-2018-12264[0]:
| Exiv2 0.26 has integer overflows in LoaderTiff::getData() in
| preview.cpp, leading to an out-of-bounds read in
| Exiv2::ValueType::setDataArea in value.hpp.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-12264
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12264
[1] https://github.com/Exiv2/exiv2/issues/366

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: exiv2
Source-Version: 0.25-4

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Maximiliano Curia <[email protected]> (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 28 Jun 2018 18:05:24 +0200
Source: exiv2
Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc
Architecture: source
Version: 0.25-4
Distribution: unstable
Urgency: medium
Maintainer: Debian Qt/KDE Maintainers <[email protected]>
Changed-By: Maximiliano Curia <[email protected]>
Description:
 exiv2      - EXIF/IPTC/XMP metadata manipulation tool
 libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library
 libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation
Closes: 901706 901707
Changes:
 exiv2 (0.25-4) unstable; urgency=medium
 .
   [ Roberto C. Sanchez ]
   * CVE-2018-10958: denial of service through memory exhaustion and
     application crash by a crafted PNG image.
   * CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
   * CVE-2018-10998: denial of service through memory exhaustion and
     application crash by a crafted image.
   * CVE-2018-11531: a heap-based buffer overflow and application crash by a
     crafted image.
   * CVE-2018-12264: integer overflow leading to out of bounds read by a
     crafted image. (Closes: #901707)
   * CVE-2018-12265: integer overflow leading to out of bounds read by a
     crafted image. (Closes: #901706)
 .
   [ Maximiliano Curia ]
   * Bump debhelper build-dep and compat to 11
   * Bump to Standards-Version 4.1.4
   * Update Vcs fields
   * Migrate to automatic dbgsym packages
   * Drop parallel and autotools_dev from dh call
   * Update watch file
   * Release to unstable

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
_______________________________________________
pkg-kde-extras mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-kde-extras
