exempi (2.5.0-2+deb10u1) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Fix CVE-2020-18651: A Buffer Overflow vulnerability in function
    ID3_Support::ID3v2Frame::getFrameValue allows remote attackers to
    cause a denial of service
  * Fix CVE-2020-18652: A Buffer Overflow vulnerability in
    WEBP_Support.cpp allows remote attackers to cause a denial of service
  * Fix as per bulletin APSB21-65:
    - CVE-2021-36045: an out-of-bounds read vulnerability that could lead
      to disclosure of arbitrary memory.
    - CVE-2021-36046: a memory corruption vulnerability, potentially
      resulting in arbitrary code execution in the context of the
      current user
    - CVE-2021-36047: an Improper Input Validation vulnerability
      potentially resulting in arbitrary code execution in the context of
      the current user
    - CVE-2021-36048: Improper Input Validation vulnerability potentially
      resulting in arbitrary code execution in the context of the
      current user
    - CVE-2021-36050: a buffer overflow vulnerability potentially
      resulting in arbitrary code execution in the context of the
      current user
    - CVE-2021-36051: a buffer overflow vulnerability potentially
      resulting in arbitrary code execution in the context of the
      current user
    - CVE-2021-36052: a memory corruption vulnerability, potentially
      resulting in arbitrary code execution in the context of the
      current user
    - CVE-2021-36053: an out-of-bounds read vulnerability that could lead
      to disclosure of arbitrary memory
    - CVE-2021-36054: a buffer overflow vulnerability potentially
      resulting in local application denial of service
    - CVE-2021-36055: a use-after-free vulnerability that could result in
      arbitrary code execution
    - CVE-2021-36056: a buffer overflow vulnerability potentially
      resulting in arbitrary code execution in the context of the
      current user.
    - CVE-2021-36057: a write-what-where condition vulnerability caused
      during the application's memory allocation process.
      This may cause the memory management functions to become mismatched
      resulting in local application denial of service in the context of
      the current user.
    - CVE-2021-36058: an Integer Overflow vulnerability potentially
      resulting in application-level denial of service in the context of
      the current user.
    - CVE-2021-36064: a Buffer Underflow vulnerability which could result
      in arbitrary code execution in the context of the current user
    - CVE-2021-39847: a stack-based buffer overflow vulnerability
      potentially resulting in arbitrary code execution in the context of
      the current user.

 -- Bastien Roucariès  Sun, 24 Sep 2023 16:28:18 +0000

exempi (2.5.0-2) unstable; urgency=medium

  * Upload to unstable

 -- Michael Biebl  Wed, 09 Jan 2019 16:22:23 +0100

exempi (2.5.0-1) experimental; urgency=medium

  * New upstream version 2.5.0
    - CVE-2018-12648: fix null-pointer-dereference in WEBP_Support.
  * Drop unaligned-access.patch, applied upstream
  * Rename library package for 3 → 8 soname bump
  * Use debhelper-compat (= 12) Build-Depends and drop debian/compat
  * Bump Standards-Version to 4.3.0
  * Bump shlibs version to 2.5.0

 -- Michael Biebl  Mon, 07 Jan 2019 00:02:56 +0100

exempi (2.4.5-2) unstable; urgency=medium

  * Team upload

  [ Steve Langasek ]
  * Add debian/patches/unaligned-access.patch: use alignment-safe copy on
    ARM on Linux, not just on iOS.

 -- Jeremy Bicha  Sun, 18 Mar 2018 21:00:07 -0400

exempi (2.4.5-1) unstable; urgency=medium

  * New upstream version 2.4.5 with various CVE fixes. (Closes: #892782)
    - CVE-2018-7730: fix a buffer overflow in the PSD parser.
    - CVE-2018-7728: fix a buffer overflow in the TIFF parser.
    - CVE-2018-7729: fix a buffer overflow in PostScript parser.
    - CVE-2018-7731: fix a null dereference in WEBP parser.
  * Enable all hardening build flags

 -- Michael Biebl  Wed, 14 Mar 2018 14:36:25 +0100

exempi (2.4.4-1) unstable; urgency=medium

  * New upstream version 2.4.4

 -- Michael Biebl  Mon, 05 Feb 2018 01:34:15 +0100

exempi (2.4.3-2) unstable; urgency=medium

  * Set Rules-Requires-Root to no
  * Update Vcs-* to point to salsa.debian.org (gitlab)
  * Bump Standards-Version to 4.1.3
  * Bump debhelper compat level to 11
  * Switch to dh_missing and abort on uninstalled files

 -- Michael Biebl  Sun, 14 Jan 2018 19:32:53 +0100

exempi (2.4.3-1) unstable; urgency=medium

  * New upstream version 2.4.3
  * Bump Standards-Version to 4.0.0

 -- Michael Biebl  Tue, 08 Aug 2017 20:22:26 +0200

exempi (2.4.2-1) unstable; urgency=medium

  * New upstream release.

 -- Michael Biebl  Sat, 04 Feb 2017 01:07:11 +0100

exempi (2.4.1-1) unstable; urgency=medium

  * New upstream release
  * Update Vcs-* according to the latest recommendation

 -- Michael Biebl  Mon, 23 Jan 2017 23:53:38 +0100

exempi (2.4.0-1) unstable; urgency=medium

  * New upstream release.
  * Bump debhelper compat level to 10
  * Bump Standards-Version to 3.9.8
  * Bump shlibs version to 2.4.0

 -- Michael Biebl  Mon, 09 Jan 2017 00:19:27 +0100

exempi (2.3.0-2) unstable; urgency=medium

  * Run wrap-and-sort -at.
  * Bump shlibs version to 2.3.0 for the new API that was added.

 -- Michael Biebl  Sun, 20 Mar 2016 23:01:44 +0100

exempi (2.3.0-1) unstable; urgency=medium

  * New upstream release.
  * Rebase patches.
  * Drop libexempi3-dbg now that we have automatic dbgsym packages.
  * Ensure proper upgrade from libexempi3-dbg to new dbgsym packages by
    using dh_strip --dbgsym-migration. Bump Build-Depends on debhelper
    accordingly.
  * Bump Standards-Version to 3.9.7.
  * Use https:// for upstream homepage.

 -- Michael Biebl  Fri, 18 Mar 2016 22:42:29 +0100

exempi (2.2.2-2) unstable; urgency=medium

  * Fix an out of bounds access when reading tag.
    Patch cherry-picked from upstream Git.
    (Closes: #784631)

 -- Michael Biebl  Mon, 11 May 2015 03:34:01 +0200

exempi (2.2.2-1) unstable; urgency=medium

  * New upstream release.
  * Update watch file to also track .bz2 and .xz tarballs.
  * Add cryptographic signature verification for upstream tarball.
  * Bump Standards-Version to 3.9.6. No further changes.
  * Update Vcs-Browser URL to use cgit and https.

 -- Michael Biebl  Fri, 08 May 2015 23:23:40 +0200

exempi (2.2.1-2) unstable; urgency=medium

  [ Wookey ]
  * Use dh-autoreconf during the build to support new architectures
    (Closes: #727296)

  [ Michael Biebl ]
  * Use canonical URIs for Vcs-* fields.
  * Bump Standards-Version to 3.9.5. No further changes.
  * Exclude libtool .la files from list-missing.

 -- Michael Biebl  Mon, 23 Jun 2014 14:28:34 +0200

exempi (2.2.1-1) unstable; urgency=low

  * Remove Asheesh from Maintainer and move myself from Uploaders to
    Maintainer. Thanks Asheesh!
  * New upstream release.
  * Use --list-missing to show uninstalled files.
  * Bump Standards-Version to 3.9.4. No further changes.
  * Add a new binary package exempi, which contains the exempi command
    line utility.

 -- Michael Biebl  Sun, 30 Jun 2013 08:02:39 +0200

exempi (2.2.0-1) unstable; urgency=low

  * New upstream release.
  * Switch to source format 3.0 (quilt)
    - Add debian/source/format.
    - Drop Build-Depends on quilt.
    - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk include.
    - Remove debian/README.source.
  * Move from cdbs to dh
    - Drop Build-Depends on cdbs.
    - Bump Build-Depends on debhelper to (>= 7.0.50~) for override
      targets.
    - Convert debian/rules to use dh.
  * Bump Standards-Version to 3.9.2. No further changes.
  * Don't use brace expansion in .install files.
  * Bump shlibs due to API additions.
  * Bump debhelper compatibility level to 9, which enables hardening
    build flags and multiarch support.
  * Mark libexempi3, libexempi3-dev and libexempi-dev as Multi-Arch: same.

 -- Michael Biebl  Wed, 22 Feb 2012 14:57:56 +0100

exempi (2.1.1-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Bump Standards-Version to 3.8.2. No further changes.
    - Change section of libexempi3-dbg to debug.
  * debian/rules
    - Remove DEB_DH_INSTALL_SOURCEDIR, no longer required with debhelper
      v7 compat mode.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Removed, merged upstream.

 -- Michael Biebl  Wed, 01 Jul 2009 15:28:19 +0200

exempi (2.1.0-3) unstable; urgency=low

  * Merge changes from experimental branch.
  * debian/compat
    - Bump to debhelper v7 compat mode.
  * debian/control
    - Bump Build-Depends on debhelper to (>= 7).

 -- Michael Biebl  Mon, 16 Feb 2009 00:44:01 +0100

exempi (2.1.0-2) experimental; urgency=low

  * debian/control
    - Update Vcs-* headers. Package is now managed with Git on
      git.debian.org.

 -- Michael Biebl  Wed, 28 Jan 2009 21:27:36 +0100

exempi (2.1.0-1) experimental; urgency=low

  * New upstream release.
  * debian/control
    - Add Build-Depends on zlib1g-dev.
    - Add ${misc:Depends} to all binary packages.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Refreshed and updated to the latest code changes.
  * debian/libexempi3.shlibs
    - Add shlibs file and set it to (>= 2.1.0) due to API additions.

 -- Michael Biebl  Sun, 28 Dec 2008 21:56:13 +0100

exempi (2.0.2-2) unstable; urgency=low

  * Switch patch management system to quilt.
  * debian/control
    - Add Build-Depends on quilt.
  * debian/rules
    - Include patchsys-quilt.mk cdbs rules file.
  * debian/README.source
    - Document the usage of quilt as patch management system and refer to
      the quilt documentation for further information.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Add missing includes to fix FTBFS with GCC 4.4. (Closes: 504944)
      Thanks to Martin Michlmayr for the patch.

 -- Michael Biebl  Sat, 08 Nov 2008 15:30:52 +0100

exempi (2.0.2-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Bump Standards-Version to 3.8.0. No further changes.

 -- Michael Biebl  Sun, 24 Aug 2008 01:27:18 +0200

exempi (2.0.1-1) unstable; urgency=low

  * New upstream release.
  * debian/libexempi-dev.install
    - No longer install the libtool *.la file.

 -- Michael Biebl  Tue, 29 Apr 2008 03:50:56 +0200

exempi (2.0.0-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl  Wed, 02 Apr 2008 06:21:58 +0200

exempi (1.99.9-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Remove leading article from short package description.

 -- Michael Biebl  Sat, 02 Feb 2008 04:54:26 +0100

exempi (1.99.8-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/01-configure_unittest.patch
    - Removed, merged upstream.
  * debian/patches/02-buffer_overflow_gif_header.patch
    - Removed, merged upstream.

 -- Michael Biebl  Sat, 26 Jan 2008 21:45:01 +0100

exempi (1.99.7-1) unstable; urgency=medium

  * New upstream release.
    - Adds missing #includes which fixes FTBFS with GCC 4.3.
      (Closes: #456087)
  * debian/control
    - Bump Standards-Version to 3.7.3. No further changes required.
    - Drop Build-Depends on libboost-dev.
    - Make the -dbg package be Priority: extra.
  * debian/rules
    - Disable compilation of the unit tests.
  * debian/patches/01-configure_unittest.patch
    - Make compilation of the unit tests (which require boost) optional.
      Patch is pulled from upstream git.
  * debian/patches/02-buffer_overflow_gif_header.patch
    - Fix a buffer overflow in the ReadHeader() function when reading GIF
      images. This poses a security risk as it allows arbitrary code
      execution. Upload with urgency medium. (Closes: #454297)
      Thanks to Sjoerd Simons for the help tracking this bug down.

 -- Michael Biebl  Thu, 24 Jan 2008 01:39:45 +0100

exempi (1.99.5-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Use the new "Homepage:" field to specify the upstream URL.
    - The Vcs-* fields are now officially supported, so remove the XS-
      prefix.
  * SONAME bump as ABI has changed. Rename package libexempi2 to
    libexempi3.

 -- Michael Biebl  Wed, 07 Nov 2007 15:29:59 +0100

exempi (1.99.4-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl  Sun, 26 Aug 2007 00:18:41 +0200

exempi (1.99.3-1) unstable; urgency=low

  * Initial release. (Closes: #438166)

 -- Asheesh Laroia  Wed, 15 Aug 2007 05:20:40 +0200