Format: 1.8
Date: Tue, 26 Feb 2019 19:03:02 +0100
Source: exiv2
Binary: exiv2 libexiv2-13 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: source amd64 all
Version: 0.24-4.1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 exiv2 - EXIF/IPTC metadata manipulation tool
 libexiv2-13 - EXIF/IPTC metadata manipulation library
 libexiv2-dbg - EXIF/IPTC metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC metadata manipulation library - HTML documentation
Changes:
 exiv2 (0.24-4.1+deb8u3) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2018-17581
     A stack overflow due to a recursive function call causing excessive
     stack consumption which leads to Denial of service.
   * CVE-2018-19107
     A heap based buffer over-read caused by an integer overflow could
     result in a denial of service via a crafted file.
   * CVE-2018-19108
     There seems to be an infinite loop inside a function that can be
     activated by a crafted image.
   * CVE-2018-19535
     A heap based buffer over-read could result in a denial of service
     via a crafted file.
   * CVE-2018-20097
     A crafted image could result in a denial of service.