Your message dated Fri, 21 Dec 2007 17:17:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#457330: fixed in libexif 0.6.16-2.1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libexif
Version: 0.6.9-6sarge1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libexif.
CVE-2007-6352[0]:
| Integer overflow in libexif 0.6.16 and earlier allows
| context-dependent attackers to execute arbitrary code via an image
| with crafted EXIF tags.
CVE-2007-6351[1]:
| libexif 0.6.16 and earlier allows context-dependent
| attackers to cause a denial of service (infinite recursion)
| via an image file with crafted EXIF tags.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6352
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6351
Kind regards
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp8brGpieqfN.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
Source: libexif
Source-Version: 0.6.16-2.1
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive:
libexif-dev_0.6.16-2.1_i386.deb
to pool/main/libe/libexif/libexif-dev_0.6.16-2.1_i386.deb
libexif12_0.6.16-2.1_i386.deb
to pool/main/libe/libexif/libexif12_0.6.16-2.1_i386.deb
libexif_0.6.16-2.1.diff.gz
to pool/main/libe/libexif/libexif_0.6.16-2.1.diff.gz
libexif_0.6.16-2.1.dsc
to pool/main/libe/libexif/libexif_0.6.16-2.1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <[EMAIL PROTECTED]> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 21 Dec 2007 17:13:58 +0100
Source: libexif
Binary: libexif12 libexif-dev
Architecture: source i386
Version: 0.6.16-2.1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <[EMAIL PROTECTED]>
Changed-By: Nico Golde <[EMAIL PROTECTED]>
Description:
libexif-dev - library to parse EXIF files (development files)
libexif12 - library to parse EXIF files
Closes: 457330 457330
Changes:
libexif (0.6.16-2.1) unstable; urgency=high
.
* Non-maintainer upload by security team.
* This update addresses the following security issues:
- possible denial of service attack via crafted
image file leading to an infinite recursion in the
exif-loader.c (CVE-2007-6351; Closes: #457330).
- integer overflow in exif-data.c triggered by a crafted
image file could lead to arbitrary code execution
(CVE-2007-6352; Closes: #457330).
Files:
a22d0350058d240f2fb337c473ebe0fd 615 libs optional libexif_0.6.16-2.1.dsc
077206efeafbee981b41f5eea67024c7 15103 libs optional libexif_0.6.16-2.1.diff.gz
d92a74a44d95d55f1d8b44381af7a0de 147904 libdevel optional
libexif-dev_0.6.16-2.1_i386.deb
70683c69cdc384dd6717c88f09557c2e 235592 libs optional
libexif12_0.6.16-2.1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHa/CKHYflSXNkfP8RAjnsAKCEGaAjLE940JGa7SX+PlpOEleDxQCcC+qO
M+NaccVuEGJEEZYJfmj3bcI=
=pxdQ
-----END PGP SIGNATURE-----
--- End Message ---
