[ubuntu/disco-proposed] exiv2 0.25-4ubuntu1 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Thu Jan 24 20:30:18 UTC 2019 

exiv2 (0.25-4ubuntu1) disco; urgency=medium

   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-11591.patch: fix in
       include/exiv2/value.hpp.
     - CVE-2017-11591
   * SECURITY UPDATE: Remote denial of service
     - debian/patches/CVE-2017-11683.patch: fix in
       src/tiffvisitor.cpp.
     - CVE-2017-11683
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-14859_14862_14864.patch: fix in
       src/error.cpp, src/tiffvisitor.cpp.
     - CVE-2017-14859
     - CVE-2017-14862
     - CVE-2017-14864
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-17669.patch: fix in
       src/pngchunk.cpp.
     - CVE-2017-17669
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2018-17581.patch: fix in
       src/crwimage.cpp.
     - CVE-2018-17581
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-16336.patch: fix in
       src/pngchunk.cpp.
     - CVE-2018-16336
  * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.

Date: Thu, 24 Jan 2019 13:15:19 -0300
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/exiv2/0.25-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 24 Jan 2019 13:15:19 -0300
Source: exiv2
Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc
Architecture: source
Version: 0.25-4ubuntu1
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas S. Barbosa <leo.barbosa at canonical.com>
Description:
 exiv2      - EXIF/IPTC/XMP metadata manipulation tool
 libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library
 libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation
Changes:
 exiv2 (0.25-4ubuntu1) disco; urgency=medium
 .
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2017-11591.patch: fix in
        include/exiv2/value.hpp.
      - CVE-2017-11591
    * SECURITY UPDATE: Remote denial of service
      - debian/patches/CVE-2017-11683.patch: fix in
        src/tiffvisitor.cpp.
      - CVE-2017-11683
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2017-14859_14862_14864.patch: fix in
        src/error.cpp, src/tiffvisitor.cpp.
      - CVE-2017-14859
      - CVE-2017-14862
      - CVE-2017-14864
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2017-17669.patch: fix in
        src/pngchunk.cpp.
      - CVE-2017-17669
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-2018-17581.patch: fix in
        src/crwimage.cpp.
      - CVE-2018-17581
    * SECURITY UPDATE: Denial of service
      - debian/patches/CVE-16336.patch: fix in
        src/pngchunk.cpp.
      - CVE-2018-16336
   * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.
Checksums-Sha1:
 b9882202ee6bf0401eb5cbba93aaa10fccba1d21 2344 exiv2_0.25-4ubuntu1.dsc
 75094fee50e21a85b8f722225b93e0a894c2a6a7 30420 exiv2_0.25-4ubuntu1.debian.tar.xz
 18b7049f20935c40f8d6646a12b7436b299c7dba 8580 exiv2_0.25-4ubuntu1_source.buildinfo
Checksums-Sha256:
 bc1641d1018b103470089536e9dbaba1b68da7d369090b37c113ac993b57151d 2344 exiv2_0.25-4ubuntu1.dsc
 c52c9cfcdc1143d0e1277b114f91b6a8e5b44ee9ec5740010daa301fc2d8de0f 30420 exiv2_0.25-4ubuntu1.debian.tar.xz
 be3f0538a805c46154d45564796e394176a70acd500d5c9ee29f4b51f93d91cb 8580 exiv2_0.25-4ubuntu1_source.buildinfo
Files:
 c7656905dd9ee1313447b4025772c419 2344 graphics optional exiv2_0.25-4ubuntu1.dsc
 f3655a0eb27fa46bd1491df4338b4c07 30420 graphics optional exiv2_0.25-4ubuntu1.debian.tar.xz
 bdc19a85c98e855e52e532a6a49be35b 8580 graphics optional exiv2_0.25-4ubuntu1_source.buildinfo
Original-Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde at lists.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxKH+cACgkQZWnYVadE
vpON/xAAoui21/iukK9ftLY2PyVyeQMfveo/crKYetRzMYygFcVbL6KgG3gW0fer
7tNcwB24JyPvGqB6bTEMiEwqHmTKiqTthhQDqeJmrhyfC3CrwNcuhOPsqJhebcGO
SYFnFZU5l2QlbcZz+Vu1k1ON5bJt98m/GIWlOM8f5DPuhs8nDiro94nbvpkW8xuW
NtCadH8N+9O+QmSfcn2a7fFu2wS0muDTTU8gDFR9kOiCZ9n4JlF9YhXufZj7DERH
PFLZCoY/EylfCD0QKawna5Q2ZJvUh61gZETVbHsQP2yq9XxkJy/EALPihiDrza6E
UDvKn2XdylWUQmrjejuhqU68WJWweJbkXEIivah701rAMfpKc9KNBRP6IdIW4Ufz
+FB8StXO971KFjTSLDJl1CazJmxw4Xp6fsfKTcDIQrIKWowCH3420k40hLt6orm4
w1Ay8M3Lgebp0X0lj9wDpRlajXNF1jd33l9SDqn/tRbaU+ov7wFpGL/aQ2Q9JzFu
TBWgGKKj3SpdMMcipQVLkJAvbJfgoeLTPndP440zaD78DAaGn73r1hK2cNIhIHM0
9TodsURe/fnO++2tZN4S/wKYKCkWnRxPOBbH2QC0d6/RJGVpEt95LuaxmdyGRgfi
FtRHoqFaRp/ed6zLiXK5l11azmhAgIZ0S1CTc/pbRaiOxz2qALI=
=ztQO
-----END PGP SIGNATURE-----

More information about the Disco-changes mailing list