-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 21 May 2020 11:22:40 +0200 Source: libexif Architecture: source Version: 0.6.21-2+deb9u2 Distribution: stretch Urgency: medium Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Closes: 873022 876466 918730 960199 Changes: libexif (0.6.21-2+deb9u2) stretch; urgency=medium . [ Mike Gabriel ] * Sponsored upload. * debian/patches: trivial rebasing of several patches. . [ Hugh McMaster ] * Team upload. * Add upstream patches to fix multiple security issues: - cve-2016-6328.patch: Fix an integer overflow while parsing the MNOTE entry data of the input file (CVE-2016-6328) (Closes: #873022). - cve-2017-7544.patch: Fix an out-of-bounds heap read in the function exif_data_save_data_entry() (CVE-2017-7544) (Closes: #876466). - cve-2018-20030.patch: Improve deep recursion detection in the function exif_data_load_data_content() (CVE-2018-20030) (Closes: #918730). - cve-2020-12767.patch: Prevent some possible division-by-zero errors in exif_entry_get_value() (CVE-2020-12767) (Closes: #960199). - cve-2020-0093.patch: Prevent read buffer overflow (CVE-2020-0093). Checksums-Sha1: beadba3836cae110096ef5499150bd01bbe043d6 2127 libexif_0.6.21-2+deb9u2.dsc ad1e642ed3373ba80162cb89e2db6dcce4ac5a4f 12576 libexif_0.6.21-2+deb9u2.debian.tar.xz 127dd3c9b7413ee10aca48b4424f86b23d8519d2 7995 libexif_0.6.21-2+deb9u2_source.buildinfo Checksums-Sha256: 11630184e84c7fc422e2b1e0f89e27f05c3d9cdebdf334dad085ff021083c0d7 2127 libexif_0.6.21-2+deb9u2.dsc c0f62583ff4220a10aaf99b42b81c7ff02df71e3e99651442ea577d1d44018ec 12576 libexif_0.6.21-2+deb9u2.debian.tar.xz d2fd840d585b370d4512361d98040c5ebb3078cc36a8bc58280eb400d6a92499 7995 libexif_0.6.21-2+deb9u2_source.buildinfo Files: dbceacb938df9aa0ba23815dc3e6b304 2127 libs optional libexif_0.6.21-2+deb9u2.dsc 5fe5eaa3f97906a562298f95a86d83f9 12576 libs optional libexif_0.6.21-2+deb9u2.debian.tar.xz 33060e41e45e6dd0cf4aebf9589c1525 7995 libs optional libexif_0.6.21-2+deb9u2_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl7GSNMVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxkdoP/0gd1eFaN6LsOFC+tnWDq5dX/1Vu jLVJaBiUIXDk0wKG4eX3DkeoMHuz8+7OLJ2pqaffEPlhiD4ubAv+Q5ZPqZpevdK1 QBV7iU1W5vDibl9sj0ov7Ajmbh++xHavxHQNyl6itPKHc2Z5ZzfqnCSCGoIH0Ei3 RJT/bFq6monn9TEgacnXVcdiBNpnkjBj4p2kuUYYCFGFyY4wa29AgvZU9tJg/1Dr kR2wOQHPF0b1luS2HycLbupjqToDI6wwmatE73p6/3M+G4gqMYNyW38SSqYpPx+A 7UkUnf2oV4ajNChAUVhou8pNgEGR+c1O+3hlIl95L5kt8P4cqDjZDSm2Q84XvD7T 4JVkCrN4lJ62g+rDtpbqM3Snpx0UmNr6GkbYFhhHMsbMG1LjoMYhq9ASgkGuyh9M ISunIYBPXy1L2QRWGnmsBahZ9ClkVvrFI4xO3x5yrKkjf2wCYYWnxYw6cnpGZpJ9 dYGVylovrPCbLDYSHAMEzcsmi6ibsC085nrnFuzHGL1T7KzRfCPXUbZryyRLFx/X NJDtUZaIAZck8QRcOJHb8Lhl6c5QwA/yoEgXP4yr1LaVtAL97MVMIRdqUtEHRLjx fRmQhlcbAmIHe7VJun7vC6s4/goiil5kueNC5mScmZ6SgRKxwWLlVceksVrY3L5y ePwgVvPx8SotROBT =wOU9 -----END PGP SIGNATURE-----