-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 20 Apr 2026 07:55:11 -0300
Source: libexif
Architecture: source
Version: 0.6.22-3+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Emmanuel Arias <eamanu@debian.org>
Closes: 1131116 1133922 1133923
Changes:
 libexif (0.6.22-3+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * d/patches/CVE-2026-40386.patch Add patch for CVE-2026-40386.
     - An integer underflow in size checking for Fuji and Olympus MakerNote
       decoding could be used by attackers to crash or leak information out
       of libexif-using programs (Closes: #1133923).
   * d/patches/CVE-2026-40385.patch: Add patch for CVE-2026-40385.
     - An unsigned 32bit integer overflow in Nikon MakerNote handling could
       be used by local attackers to cause crashes or information leaks.
       (Closes: #1133922).
   * d/patches/CVE-2026-32775.patch: Add patch for CVE-2026-32775.patch.
     - If the exif_mnote_data_get_value function in MakerNotes gets passed in
       a 0 size, the passed in-buffer would be overwritten due to an integer
       underflow (Closes: #1131116).
   * d/salsa-ci.yml: Enable salsa-ci.