Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted libexif 0.6.21-9 (source) into unstable
Date: Thu, 28 May 2020 14:34:01 +0000
Signed by: Mike Gabriel <sunweaver@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 28 May 2020 23:23:33 +1000
Source: libexif
Architecture: source
Version: 0.6.21-9
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Hugh McMaster <hugh.mcmaster@outlook.com>
Closes: 961407 961409 961410
Changes:
 libexif (0.6.21-9) unstable; urgency=medium
 .
   * Emmanuel Bouthenot has stepped down as an Uploader.
     - Thank you for maintaining libexif!
   * Add Hugh McMaster as an Uploader.
   * Add upstream patches to fix multiple security issues:
     - cve-2020-13112.patch: Fix MakerNote tag size overflow issues at
       read time (CVE-2020-13112) (Closes: #961407).
     - cve-2020-13113.patch: Ensure MakerNote data pointers are
       NULL-initialized (CVE-2020-13113) (Closes: #961409).
     - cve-2020-13114.patch: Add a failsafe on the maximum number of
       Canon MakerNote subtags to catch extremely large values in tags
       (CVE-2020-13114) (Closes: #961410).
   * Rebase other patches as needed.
Checksums-Sha1:
 89d67f77d4f8053eadf6ad22498083b8a42cec19 2079 libexif_0.6.21-9.dsc
 25c05c216135b679a6a6796166180737f793f3e7 18460 libexif_0.6.21-9.debian.tar.xz
 8f971cb941e46c666e586a20ad2630f4cb3205b5 7950 libexif_0.6.21-9_source.buildinfo
Checksums-Sha256:
 b76825789755072ae83901ddcff76cd5a66e0111dd5a7c16e86bac6996857936 2079 libexif_0.6.21-9.dsc
 cc293153448ad580458db6e1e97b0386c75e9e54c858a00dbf4041168db60480 18460 libexif_0.6.21-9.debian.tar.xz
 08bd16d04a38cf54b964d24112c13b784d7f0f05ef1560a26689f4d7f94bcf66 7950 libexif_0.6.21-9_source.buildinfo
Files:
 0fa6bc15475d5cef65a227df12b32cfd 2079 libs optional libexif_0.6.21-9.dsc
 52fed4387cddc0f48fc9c6c3f329f893 18460 libs optional libexif_0.6.21-9.debian.tar.xz
 92df9fe75d54b3d47fa0a3dcf42389bc 7950 libs optional libexif_0.6.21-9_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl7PxWAACgkQmvRrMCV3
GzEMow//SygkF4ly67ieBA0UTBEGpKdZYfcAm1fNut75YezSaQy/DGatjNFGTICQ
qCgjeOap4XDWfwMnYtKmlO9pmv/6Gvpa2YDNnCHDlpf8V61HvzoVIZUhzF20Dkmu
4BtAC0CRejUV/g6eaO4UQ5SiklhQXcnBzc+cHPo5rT/Xt7qhTIHho8+9/1KAJxr2
fb7dCnDdEiZ8l1ghWdRXjbqS+h+MxlcA7x0AQEyGXt+3QfOTvzbYJcx723WWWhvT
hy86FUdhiqs7bFDr7W2fW0M3w8AUiDcWc0CdCNZvCoYWdOgp38zJ6mGc1ZXv9zRw
QGBYksaXtyaQLjsE5M0qxRsKZnXaaTw0U62hZ5teSg0Au9wVuy7wttvjui5mzaNX
lqLZRkyqjOuZB22xexEOnUxN1YVyV+XIw6YMIdekhpCDkRnL3KiK3ZHg/7mRfUH5
jt/Z9pek4JoIcezGEG5dZg4HY5AlvQm/IB9Z323/1bDyZHQYsRfTiGmAXFwZLTby
peZAA9hKK15qBmzXcG0tTQfoH+35wiI/zKibcpvPWO4QJ8JBIk2rrvkK3GNBiXTc
iCLyfHmk/WQ6tKs3vhFqDmdWh7B4/zLnshUyH3yZT3Q/zOtTpTbhZAIokCV11BLQ
hE6r9Unj6X07K/R3Rov2cnvBnW8maLMnqzrclRf2oLf5nhO9Ne0=
=uljN
-----END PGP SIGNATURE-----
News for package libexif
