Your message dated Sat, 30 May 2020 19:17:47 +0000
with message-id <[email protected]>
and subject line Bug#961409: fixed in libexif 0.6.21-2+deb9u3
has caused the Debian Bug report #961409,
regarding libexif: CVE-2020-13113
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
961409: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961409
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libexif
Version: 0.6.21-8
Severity: important
Tags: security upstream
Control: found -1 0.6.21-7
Control: found -1 0.6.21-5.1+deb10u1
Control: found -1 0.6.21-5.1
Control: found -1 0.6.21-2+deb9u1
Control: found -1 0.6.21-2

Hi,

The following vulnerability was published for libexif.

CVE-2020-13113[0]:
| An issue was discovered in libexif before 0.6.22. Use of uninitialized
| memory in EXIF Makernote handling could lead to crashes and potential
| use-after-free conditions.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13113
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13113
[1] https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libexif
Source-Version: 0.6.21-2+deb9u3
Done: Hugh McMaster <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated libexif package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 25 May 2020 21:28:10 +1000
Source: libexif
Architecture: source
Version: 0.6.21-2+deb9u3
Distribution: stretch
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Closes: 961407 961409 961410
Changes:
 libexif (0.6.21-2+deb9u3) stretch; urgency=medium
 .
   * Add upstream patches to fix multiple security issues:
     - cve-2020-13112.patch: Fix MakerNote tag size overflow issues at
       read time (CVE-2020-13112) (Closes: #961407).
     - cve-2020-13113.patch: Ensure MakerNote data pointers are
       NULL-initialized (CVE-2020-13113) (Closes: #961409).
     - cve-2020-13114.patch: Add a failsafe on the maximum number of
       Canon MakerNote subtags to catch extremely large values in tags
       (CVE-2020-13114) (Closes: #961410).


--- End Message ---