[ubuntu/impish-proposed] exiv2 0.27.3-3ubuntu4 (Accepted)

Leonidas Da Silva Barbosa leo.barbosa at canonical.com
Wed Aug 18 11:42:14 UTC 2021


exiv2 (0.27.3-3ubuntu4) impish; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-32815-*.patch: adds a size check, adds a
      regression test, adds debug message prints for DEBUG flags in
      src/crwimage_int.cpp.
    - CVE-2021-32815
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-34334-*.patch: adds a regression test, adds
      an extra check to prevent the loop counter from wrapping around in
      crwimage_int.cpp; adds defensive code to avoid integer overflow in loop
      conditions in src/actions.cpp, src/basicio.cpp, src/convert.cpp,
      src/exif.cpp, src/exiv2.cpp, src/iptc.cpp, src/preview.cpp,
      src/tags_int.cpp, src/tiffcomposite_int.cpp, src/types.cpp,
      src/xmp.cpp, src/xmpsidecar.cpp; adds a better fix for a potential
      integer overflow in bytes.size() in src/iptc.cpp; changes the type of
      escapeStart to size_t in src/exiv2.cpp; fixes a warning about comparison
      of integer expressions of different signedness in src/iptc.cpp,
      src/tags_int.cpp.
    - CVE-2021-34334
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-34335-*.patch: adds a regression test;
      prevents a divide-by-zero crash in src/minoltamn_int.cpp; adds defensive
      code in include/exiv2/value.hpp, src/tags_int.cpp.
    - CVE-2021-34335
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-37615-37616-*.patch: adds a regression test;
      throws an exception if lens info wasn't found in src/pentaxmn_int.cpp;
      adds a check that findKey didn't return end() in src/convert.cpp,
      src/crwimage_int.cpp, src/exif.cpp, src/iptc.cpp, src/xmp.cpp.
    - CVE-2021-37615
    - CVE-2021-37616
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-37618-*.patch: adds a regression test; adds
      better bounds checking for Jp2Image::printStructure in
      src/jp2image.cpp.
    - CVE-2021-37618
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-37619-*.patch: adds a regression test;
      fixes an incorrect loop condition in src/jp2image.cpp.
    - CVE-2021-37619
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2021-37620-*.patch: adds a regression test;
      checks that type isn't an empty string in src/values.cpp and
      adds safer vector indexing in multiple files in src/*.
    - CVE-2021-37620
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2021-37621-*.patch: adds a regression test;
      checks dirlength to avoid an infinite loop and adds some defensive code in
      src/image.cpp.
    - CVE-2021-37621
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2021-37622-*.patch: adds a regression test; makes sure
      that the read is complete to prevent an infinite loop and removes a
      redundant check in src/jpgimage.cpp.
    - CVE-2021-37622
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2021-37623-1.patch: adds a regression test.
    - debian/patches/CVE-2021-37623-2.patch: adjusts bufRead after seek() in
      src/jpgimage.cpp.
    - debian/patches/CVE-2021-37623-3.patch: improves handling of JPEG segments
      to avoid out-of-bounds access in src/jpgimage.cpp, test/data/icc-test.out,
      tests/bugfixes/redmine/test_issue_1247.py.
    - debian/patches/CVE-2021-37623-4.patch: fixes a compiler warning in
      src/jpgimage.cpp.
    - debian/patches/CVE-2021-37623-5.patch: updates src/jpgimage.cpp.
    - debian/patches/CVE-2021-37623-6.patch: fixes PoC tests.
    - debian/patches/CVE-2021-37623-7.patch: adds comments to explain the
      bounds check in src/jpgimage.cpp.
    - CVE-2021-37623

Date: Wed, 11 Aug 2021 15:13:27 -0300
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/exiv2/0.27.3-3ubuntu4
-------------- next part --------------
Format: 1.8
Date: Wed, 11 Aug 2021 15:13:27 -0300
Source: exiv2
Built-For-Profiles: noudeb
Architecture: source
Version: 0.27.3-3ubuntu4
Distribution: impish
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Checksums-Sha1:
 6fca9209b20564cd09bf9e7fa6bf7795e5e95406 2373 exiv2_0.27.3-3ubuntu4.dsc
 7addaae034eb796fde9df0a03d3e685877afe93d 235136 exiv2_0.27.3-3ubuntu4.debian.tar.xz
 e55ca1a96d4ea09aa7f0269e35b786d6d889447b 11043 exiv2_0.27.3-3ubuntu4_source.buildinfo
Checksums-Sha256:
 ae8a9635c2364f5d71e0ea62b71e26b686b35c8eb045a332ceeebc10b6176647 2373 exiv2_0.27.3-3ubuntu4.dsc
 cae62fd3fe1bf0440483b20e6c1b7b8b88451cef03e08705206126be95a373bb 235136 exiv2_0.27.3-3ubuntu4.debian.tar.xz
 2291ed8bbf4e3e0ede6b7fdd7ad5890c3025ec286d8ac6f0668da0c1987715b3 11043 exiv2_0.27.3-3ubuntu4_source.buildinfo
Files:
 34bbeea0a00de3219dca1381d4976cef 2373 graphics optional exiv2_0.27.3-3ubuntu4.dsc
 0a0c07b578a8e45048018e7b13415491 235136 graphics optional exiv2_0.27.3-3ubuntu4.debian.tar.xz
 fe10ece6ebe58e4b56f4cb75198fc5ba 11043 graphics optional exiv2_0.27.3-3ubuntu4_source.buildinfo
Original-Maintainer: Debian KDE Extras Team <pkg-kde-extras at lists.alioth.debian.org>