Your message dated Fri, 03 Jul 2020 19:02:29 +0000
with message-id <[email protected]>
and subject line Bug#962345: fixed in libexif 0.6.21-2+deb9u4
has caused the Debian Bug report #962345,
regarding CVE-2020-0198
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
962345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962345
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libexif
Severity: important
The latest Android security bulletin for Pixel phones included a patch for
libexif,
which was assigned CVE-2020-0198:
https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16
The patch in their repo is from March, but doesn't appear to have been merged
into the libexif tree yet (not sure if it was actually submitted or not).
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libexif
Source-Version: 0.6.21-2+deb9u4
Done: Hugh McMaster <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 24 Jun 2020 23:25:22 +1000
Source: libexif
Binary: libexif-dev libexif12
Architecture: source amd64
Version: 0.6.21-2+deb9u4
Distribution: stretch
Urgency: medium
Maintainer: Debian PhotoTools Maintainers
<[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Description:
libexif-dev - library to parse EXIF files (development files)
libexif12 - library to parse EXIF files
Closes: 962345
Changes:
libexif (0.6.21-2+deb9u4) stretch; urgency=medium
.
* Add upstream patches to fix two security issues:
- Fix a buffer read overflow in exif_entry_get_value() (CVE-2020-0182).
- Fix an unsigned integer overflow in libexif/exif-data.c (CVE-2020-0198)
(Closes: #962345).
Checksums-Sha1:
3bf7f84f3e0e0ea01eecdbb1ef7c00957f4bc544 2098 libexif_0.6.21-2+deb9u4.dsc
4106f02eb5f075da4594769b04c87f59e9f3b931 2081615 libexif_0.6.21.orig.tar.gz
f0c75d8997a02fdd1c2eefd6ffffb3606a39f32d 16296
libexif_0.6.21-2+deb9u4.debian.tar.xz
cbfe9bb8db089c5d97765caf28c67799d419d8bc 341678
libexif-dev_0.6.21-2+deb9u4_amd64.deb
de530cb8da1e01fd0f7e0573b8d816a5ad1db1e8 115682
libexif12-dbgsym_0.6.21-2+deb9u4_amd64.deb
12105cba07e882d6f40811c998753e157291a205 324320
libexif12_0.6.21-2+deb9u4_amd64.deb
326c80f16477882ccb0733b4dd33add4df0c88c5 7991
libexif_0.6.21-2+deb9u4_amd64.buildinfo
Checksums-Sha256:
4812b8a88cf3a6bbb2794497effc98af6e60b9dfbdcad2ea9d1aaf96a7328d14 2098
libexif_0.6.21-2+deb9u4.dsc
edb7eb13664cf950a6edd132b75e99afe61c5effe2f16494e6d27bc404b287bf 2081615
libexif_0.6.21.orig.tar.gz
7cfbf1f2a33ea0ac85292aedae2708337de529be0f43f4303da5348b353b9b93 16296
libexif_0.6.21-2+deb9u4.debian.tar.xz
e81030c2cadd795a122432bd0eb877ce08088a145c91408b76756d0cca86cdfa 341678
libexif-dev_0.6.21-2+deb9u4_amd64.deb
b4d2467aa2ef431afd692ed6b20ff898281a22dd17c2607321fa1358cfc6ea9e 115682
libexif12-dbgsym_0.6.21-2+deb9u4_amd64.deb
505ea3d8689c3ca24beba9b28c3e8496809ae5143bed6f181a3da7b37a4bf7e6 324320
libexif12_0.6.21-2+deb9u4_amd64.deb
0464eb2ec8ec7eb9590bae255556d2c65cc4afbbdc19c748f52d7b5f1aa7954e 7991
libexif_0.6.21-2+deb9u4_amd64.buildinfo
Files:
c2bc76772c251cc97ce02a45e56195fb 2098 libs optional libexif_0.6.21-2+deb9u4.dsc
9321c409a3e588d4a99d63063ef4bbb7 2081615 libs optional
libexif_0.6.21.orig.tar.gz
e286b02c57d49b8ab0d6315b828aff9c 16296 libs optional
libexif_0.6.21-2+deb9u4.debian.tar.xz
04bd2e46350cdca919625965eb596dec 341678 libdevel optional
libexif-dev_0.6.21-2+deb9u4_amd64.deb
b723a0af5e4751cdc5f7702de17a2063 115682 debug extra
libexif12-dbgsym_0.6.21-2+deb9u4_amd64.deb
d9cb5a7a9df26c83384289b600bdb260 324320 libs optional
libexif12_0.6.21-2+deb9u4_amd64.deb
d7637af19c873be35bec8e9776e51868 7991 libs optional
libexif_0.6.21-2+deb9u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl70jykACgkQgj6WdgbD
S5YMMQ//X97FdZtICdFyfJ5aaTKy4xz7uNJSJNn/NZULHxmHRf9DeFU+/F1gvwis
asiAEo5QBsOWh5SvBGak64fk7k1ytiFl6Z6aPi0oVZZcU3mAh1oFR/YKuikU1c4F
HmfR62BTZkV2IMozW9Y4QrP92BCu1UBJO+qUia2atetw62CxOEcMn+Uerj7N/YXJ
CGbPr5CBlBcOk7HwgzhkvSwetRFtCg5KGfNCXwh0TPdG10K9CQHCcs6pO0DMU7k0
ql9ms+2zsHJW0suvU9HHrG2Az0WLxpg6VCudG77TtIFkhW1lPWxi/3pZJC+FZvNg
xshlLyROYqkDAI16B+f+SCTtFZ4Q6ofLPK24FD85yMWZfgNXZFTYLV78Yv69rqvL
qBHPhsivs2wCCE/nYurxNRIPrY4YPRVyIe+qQIsUMcuJA7yAu/cU5N3LUuM2zEHh
uqXNM/QwH7WfWg5oDfS0vM5eOOP7r/ATP01RnquBVOkOHMZTn3Iu2MVkWp+d+4av
AOF2QhsE3KLd+AkbepuxoTEUu725Dqks4wN0/7kiGXrbJGuRwhBs1O3FkiicJOSa
b8KuBeqs21W+dBH5hLKF/oh+fYEfXUKWtpECU/pZWgOWS7yILVsdIhmW437DDyLU
m6r4PKkxKv6HujLXNKi/zRvTphGzjKf0Ptdf15Vw5cxxUG1J7kw=
=+xCR
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-phototools-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-phototools-devel
