Your message dated Thu, 09 Jul 2020 19:32:09 +0000
with message-id <[email protected]>
and subject line Bug#962345: fixed in libexif 0.6.21-5.1+deb10u4
has caused the Debian Bug report #962345,
regarding CVE-2020-0198
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
962345: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962345
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libexif
Severity: important
The latest Android security bulletin for Pixel phones included a patch for
libexif,
which was assigned CVE-2020-0198:
https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16
The patch in their repo is from March, but doesn't appear to have been merged
into the libexif tree yet (not sure if it was actually submitted or not).
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libexif
Source-Version: 0.6.21-5.1+deb10u4
Done: Hugh McMaster <[email protected]>
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hugh McMaster <[email protected]> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 24 Jun 2020 23:31:09 +1000
Source: libexif
Binary: libexif-dev libexif-doc libexif12 libexif12-dbgsym
Architecture: source amd64 all
Version: 0.6.21-5.1+deb10u4
Distribution: buster
Urgency: medium
Maintainer: Debian PhotoTools Maintainers
<[email protected]>
Changed-By: Hugh McMaster <[email protected]>
Description:
libexif-dev - library to parse EXIF files (development files)
libexif-doc - library to parse EXIF files (documentation)
libexif12 - library to parse EXIF files
Closes: 962345
Changes:
libexif (0.6.21-5.1+deb10u4) buster; urgency=medium
.
* Add upstream patches to fix two security issues:
- Fix a buffer read overflow in exif_entry_get_value() (CVE-2020-0182).
- Fix an unsigned integer overflow in libexif/exif-data.c (CVE-2020-0198)
(Closes: #962345).
Checksums-Sha1:
6bd795c592dbd416936b21d6331c7b04e9c5d44d 2149 libexif_0.6.21-5.1+deb10u4.dsc
4106f02eb5f075da4594769b04c87f59e9f3b931 2081615 libexif_0.6.21.orig.tar.gz
25bfe57bb983be8ddf5e8b11d15792ca9bc92e3b 18172
libexif_0.6.21-5.1+deb10u4.debian.tar.xz
43300d37b7558ee0870930b8cdf9366700fc2749 112832
libexif-dev_0.6.21-5.1+deb10u4_amd64.deb
2904be81f0601fcb3f06b0c2f3c9969a4d7d4f3b 277372
libexif-doc_0.6.21-5.1+deb10u4_all.deb
3c226fcec5e5e3aee50f0292d94fbefb3a1c8989 135912
libexif12-dbgsym_0.6.21-5.1+deb10u4_amd64.deb
8113d53dc73c1cd8cffbeede097ca0947ef94a2b 325152
libexif12_0.6.21-5.1+deb10u4_amd64.deb
fa6bcad065c45a8161a0af505109f76c140ab8eb 7946
libexif_0.6.21-5.1+deb10u4_amd64.buildinfo
Checksums-Sha256:
d6a15e1bb2dcf1d208af37b161f7826ca743adb8af1e6cc69f0c8a8d0e58cc05 2149
libexif_0.6.21-5.1+deb10u4.dsc
edb7eb13664cf950a6edd132b75e99afe61c5effe2f16494e6d27bc404b287bf 2081615
libexif_0.6.21.orig.tar.gz
13bfef4427198fb657af8c4bd103d008ba8f4928337ad6994481aae023c88b52 18172
libexif_0.6.21-5.1+deb10u4.debian.tar.xz
a5f697e627309d583d90181a4d6a00a4d51ea5ba57427637b60ce68fda7229a9 112832
libexif-dev_0.6.21-5.1+deb10u4_amd64.deb
7f3dd1e338c02df6018358874c31db0098094730993980194f480bd51501e8e1 277372
libexif-doc_0.6.21-5.1+deb10u4_all.deb
07250f1f319d0cae3c8a24148da1a0ef31832d3c590cdc23f18be47e1c4b2bea 135912
libexif12-dbgsym_0.6.21-5.1+deb10u4_amd64.deb
8e1ae4480ddda15ef9855281f950123419ccb1990120f41316a9ffa8dccb3be0 325152
libexif12_0.6.21-5.1+deb10u4_amd64.deb
b9016af46f5d39f0c6d73caf2af033a3c267bcf93d7c36ff17229caec9a442d1 7946
libexif_0.6.21-5.1+deb10u4_amd64.buildinfo
Files:
102d0b46f89f2d35e039d8e1bef3c33b 2149 libs optional
libexif_0.6.21-5.1+deb10u4.dsc
9321c409a3e588d4a99d63063ef4bbb7 2081615 libs optional
libexif_0.6.21.orig.tar.gz
7a7fef1cf738b915b79cda28b47e75d5 18172 libs optional
libexif_0.6.21-5.1+deb10u4.debian.tar.xz
7b081dd53a6bdc437a34300c77059894 112832 libdevel optional
libexif-dev_0.6.21-5.1+deb10u4_amd64.deb
d00409ea5c44c2fde6e886cbed43b129 277372 doc optional
libexif-doc_0.6.21-5.1+deb10u4_all.deb
e5d656166ffb82ed24f26992c150556b 135912 debug optional
libexif12-dbgsym_0.6.21-5.1+deb10u4_amd64.deb
f101abea466d9139effaa54c93701876 325152 libs optional
libexif12_0.6.21-5.1+deb10u4_amd64.deb
fc20ccb60a9cb7478b3d115fb80917fd 7946 libs optional
libexif_0.6.21-5.1+deb10u4_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl70kA0ACgkQgj6WdgbD
S5bcOhAApfuVPBgkhw1zVmNVIgEQjTy9egyOwGSR+g66+lRtDcWmjHqeqfWvTzXV
KvHsZbXI5NI8QaHPwcmuOHwk7E6wWojRY6BRHiMj02WK8Tzpg0oyabGgOx2CiB1P
8LMomotkWYEAY8QRhXXxB0SQgObj5tSxEV670skw91y4rrckkA1YQXf7BoeTIDrG
tTDj8TBxNnnu4Amm0Y5LimUAsUqkKYEzWuDFTQksghEHTHu+u1C9sg9FynQWpVAc
mcaCPySZApcQWvC85RUG7l0QqVNaFSzPXfSEMjMLYicEJ+g/EF+KTZ28GvRYkAlJ
uHf+NcNLn0QwQMU6l13z0br3/HgPE/8rU/6pyoC4MBIAT/2I+Mcj1IAtG7F+1SV6
LFua1UfYnNzqLrtuBce4MoDQNBvGzbjIWBXBDvcvhKFPQdk+TAjq3K9Xldr9e1HF
maEQvKvibi3CE7BvztQMtAHjaJvXh4hkR/uU45PEjXzx8ND4kfSznLY7DgUiaBJC
HQJmv3Nt0CE7dNoY5UgKeoov4Vt7F65optF7LE/EPLxPAY1udzwGPofyvXKZGRZQ
gFMlnj1uTKbRR5gkF+c+DHS11Tf7sb+PuAXRgECVT30JVSAV0mLRNQPjVZ0YE5o3
+GMeGBc4TW50JpD3dLSm3bD/tKMu05gtJEdvqSkru7i7cx+fmSk=
=WeiP
-----END PGP SIGNATURE-----
--- End Message ---
--
Pkg-phototools-devel mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-phototools-devel
