Package: exiv2 Severity: grave Tags: security, patch Justification: user security hole
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for exiv2. CVE-2008-2696[0]: Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function. See upstream patch at: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499 If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2696 http://security-tracker.debian.net/tracker/CVE-2008-2696 _______________________________________________ pkg-kde-extras mailing list pkg-kde-extras@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-kde-extras