Format: 1.8
Date: Wed, 27 Jun 2018 08:09:34 -0400
Source: exiv2
Binary: exiv2 libexiv2-13 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: source all
Version: 0.24-4.1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 exiv2 - EXIF/IPTC metadata manipulation tool
 libexiv2-13 - EXIF/IPTC metadata manipulation library
 libexiv2-dbg - EXIF/IPTC metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC metadata manipulation library - HTML documentation
Closes: 901706 901707
Changes:
 exiv2 (0.24-4.1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2018-10958: denial of service through memory exhaustion and
     application crash by a crafted PNG image.
   * CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
   * CVE-2018-10998: denial of service through memory exhaustion and
     application crash by a crafted image.
   * CVE-2018-11531: a heap-based buffer overflow and application crash by a
     crafted image.
   * CVE-2018-12264: integer overflow leading to out of bounds read by a
     crafted image. (Closes: #901707)
   * CVE-2018-12265: integer overflow leading to out of bounds read by a
     crafted image. (Closes: #901706)