Your message dated Sat, 13 Jun 2020 15:23:54 +0000
with message-id <[email protected]>
and subject line Bug#962345: fixed in libexif 0.6.22-2
has caused the Debian Bug report #962345,
regarding CVE-2020-0198
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
962345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962345
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libexif
Severity: important
The latest Android security bulletin for Pixel phones included a patch for
libexif,
which was assigned CVE-2020-0198:
https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16
The patch in their repo is from March, but doesn't appear to have been merged
into the libexif tree yet (not sure if it was actually submitted or not).
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libexif
Source-Version: 0.6.22-2
Done: Hugh McMaster <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 13 Jun 2020 18:01:44 +1000
Source: libexif
Architecture: source
Version: 0.6.22-2
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers
<[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Closes: 962345
Changes:
libexif (0.6.22-2) unstable; urgency=medium
.
* Add upstream patch to fix an unsigned integer overflow in
libexif/exif-data.c (CVE-2020-0198) (Closes: #962345).
Checksums-Sha1:
38c11ca74ab2a5389e808cc24d5ccecd454f2948 2079 libexif_0.6.22-2.dsc
f84b17368ac63f688197a44a229e3703fd1c806c 12016 libexif_0.6.22-2.debian.tar.xz
a183b876520fa992e5dd9940eb60e8a5a06e98f6 7674 libexif_0.6.22-2_amd64.buildinfo
Checksums-Sha256:
6d8a8c0c987b610959c250c912e4995103de141178a7ddb2030f9e8c6f22baf1 2079
libexif_0.6.22-2.dsc
bfb1beff5dcff9aadaef3bbeb5592a1f20d7d66a75161c56bfa53c433655f0b8 12016
libexif_0.6.22-2.debian.tar.xz
9608bf305e69b671642302d6f81936e38c0435954086ebebd9886ac06dac407c 7674
libexif_0.6.22-2_amd64.buildinfo
Files:
54831dc6619091f6d15950bf7eb595e1 2079 libs optional libexif_0.6.22-2.dsc
7362eb19cc3e22574cefbb6b4b896759 12016 libs optional
libexif_0.6.22-2.debian.tar.xz
109f97fc06b0363b01f3794832a3bea1 7674 libs optional
libexif_0.6.22-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl7k6t0ACgkQgj6WdgbD
S5Z6JRAAmI2x2o2WpxG54RyrXLXCrm1NUl5TVW58Ea1ijazp0orjAy3Qmys575dv
Z5Xr1/pKseBssBSuW5u47tsRCOwJaaZuNhMCbDsrxOm2RsaVsSDAXmKdqoNkeV7q
AjFlu/Fy+Kbs5dR+T0BoqFRE2UcmThLnkQJdtwbgpqAKYy01Ohiuz4d9IvmHmPsP
iCSZhz8yyLBNaXlKNzma1xTZZcoj7Rs9QXy8nL2Ls02foB60zr8m65TP/ixZLhMm
x1w0hm7PYO6/wtZalGxaI0SfoUYaXz9LNIjPJGHpsgL4TQEw5tTfkmnZHYPyq6lE
tCMaEDULtfX7iFbqrwxHxVE2LLMs7/Ns74uOTIrqNVjwYv5LileXxa8/t8KxOrqD
2sKG+quBzdvwgHrjOgzaEM3wqweMZhqJLjA5DxWFvWpTcnR8L6zVU7xr1J66z4Oa
pUYNFXfSlRKbDOh5eGEVblyYKVrHWiT7eJzlIQRTnp5CrQCnYcVv+LlJ7uNwKf8G
mdksMcea42kk/DShAgxlc2jmmC90o9ZxGBfu9f6/I72+EjZMxPEDbuC85gKOEiu3
3GK2TmngLp+IgXOD+KpuD36sFrjA10cE8pyyngqh/e/rpCQBzPm1iBN3Ae3f9Sd7
fq2vIBmn28HGEUdXZHZhn+OKibB8dpqg2+TiuQfvSCetr9ERjzU=
=bTLU
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-phototools-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-phototools-devel
