Your message dated Thu, 28 May 2020 14:34:01 +0000
with message-id <[email protected]>
and subject line Bug#961409: fixed in libexif 0.6.21-9
has caused the Debian Bug report #961409,
regarding libexif: CVE-2020-13113
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
961409: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961409
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libexif
Version: 0.6.21-8
Severity: important
Tags: security upstream
Control: found -1 0.6.21-7
Control: found -1 0.6.21-5.1+deb10u1
Control: found -1 0.6.21-5.1
Control: found -1 0.6.21-2+deb9u1
Control: found -1 0.6.21-2
Hi,
The following vulnerability was published for libexif.
CVE-2020-13113[0]:
| An issue was discovered in libexif before 0.6.22. Use of uninitialized
| memory in EXIF Makernote handling could lead to crashes and potential
| use-after-free conditions.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-13113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
[1] https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libexif
Source-Version: 0.6.21-9
Done: Hugh McMaster <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 28 May 2020 23:23:33 +1000
Source: libexif
Architecture: source
Version: 0.6.21-9
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Closes: 961407 961409 961410
Changes:
 libexif (0.6.21-9) unstable; urgency=medium
 .
   * Emmanuel Bouthenot has stepped down as an Uploader.
     - Thank you for maintaining libexif!
   * Add Hugh McMaster as an Uploader.
   * Add upstream patches to fix multiple security issues:
     - cve-2020-13112.patch: Fix MakerNote tag size overflow issues at
       read time (CVE-2020-13112) (Closes: #961407).
     - cve-2020-13113.patch: Ensure MakerNote data pointers are
       NULL-initialized (CVE-2020-13113) (Closes: #961409).
     - cve-2020-13114.patch: Add a failsafe on the maximum number of
       Canon MakerNote subtags to catch extremely large values in tags
       (CVE-2020-13114) (Closes: #961410).
   * Rebase other patches as needed.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-phototools-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-phototools-devel