-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 27 Jun 2018 08:09:36 -0400
Source: exiv2
Binary: exiv2 libexiv2-14 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: source amd64 all
Version: 0.25-3.1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 exiv2 - EXIF/IPTC/XMP metadata manipulation tool
 libexiv2-14 - EXIF/IPTC/XMP metadata manipulation library
 libexiv2-dbg - EXIF/IPTC/XMP metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC/XMP metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC/XMP metadata manipulation library - HTML documentation
Closes: 901706 901707
Changes:
 exiv2 (0.25-3.1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2018-10958: denial of service through memory exhaustion and
     application crash by a crafted PNG image.
   * CVE-2018-10999: a heap-based buffer over-read via a crafted PNG image.
   * CVE-2018-10998: denial of service through memory exhaustion and
     application crash by a crafted image.
   * CVE-2018-11531: a heap-based buffer overflow and application crash by a
     crafted image.
   * CVE-2018-12264: integer overflow leading to out of bounds read by a
     crafted image. (Closes: #901707)
   * CVE-2018-12265: integer overflow leading to out of bounds read by a
     crafted image. (Closes: #901706)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----