Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for exiv2 some time ago.

CVE-2008-2696[0]:
| Exiv2 0.16 allows user-assisted remote attackers to cause a denial of
| service (divide-by-zero and application crash) via a zero value in
| Nikon lens information in the metadata of an image, related to "pretty
| printing" and the RationalValue::toLong function.

Unfortunately the vulnerability described above is not important enough
to get it fixed via regular security update in Debian stable. It does
not warrant a DSA.

However it would be nice if this could get fixed via a regular point update[1].
Please contact the release team for this.

This is Debian bug #486328.

A patch can be found on: 
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499

This is an automatically generated mail, in case you are already working on an
upgrade this is of course pointless.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2696
[1] 
http://www.debian.org/doc/developers-reference/ch-pkgs.en.html#s-upload-stable

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpKIHx8TEN8Z.pgp
Description: PGP signature

_______________________________________________
pkg-kde-extras mailing list
pkg-kde-extras@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-kde-extras

Reply via email to