Debian Package Tracker

From: Roberto C. Sanchez <roberto@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted exiv2 0.24-4.1+deb8u2 (source all) into oldstable
Date: Sun, 21 Oct 2018 04:10:20 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 20 Oct 2018 22:48:53 -0400
Source: exiv2
Binary: exiv2 libexiv2-13 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: source all
Version: 0.24-4.1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 exiv2      - EXIF/IPTC metadata manipulation tool
 libexiv2-13 - EXIF/IPTC metadata manipulation library
 libexiv2-dbg - EXIF/IPTC metadata manipulation library - debug
 libexiv2-dev - EXIF/IPTC metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC metadata manipulation library - HTML documentation
Changes:
 exiv2 (0.24-4.1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Minor adjustment to the patch for CVE-2018-10958 and CVE-2018-10999.  The
     initial patch was overly restrictive in counting PNG image chunks.
   * CVE-2018-16336: remote denial of service (heap-based buffer over-read) via
     a crafted image file.
Checksums-Sha1:
 2c3793f62372b17a88dbd576c45199f58a38552c 2295 exiv2_0.24-4.1+deb8u2.dsc
 24c6c272a25725537e6796002359ab262be87c12 18004 exiv2_0.24-4.1+deb8u2.debian.tar.xz
 ed8cb22720ae4efce2ccb7b931f2f601afdcb528 19248646 libexiv2-doc_0.24-4.1+deb8u2_all.deb
Checksums-Sha256:
 454efb2184ce7bb7327f8e6c1d1a6c853fc34fef020c1d3eeab9ed47259b1368 2295 exiv2_0.24-4.1+deb8u2.dsc
 eb5e33d8ff1f9d4e6f39bcf3061c8be75dafb4791445155f54877cd781d18928 18004 exiv2_0.24-4.1+deb8u2.debian.tar.xz
 745cc259819c894fb6c7e0b7e4a8e36c548cafd864fe57d0988ab1350e9e994e 19248646 libexiv2-doc_0.24-4.1+deb8u2_all.deb
Files:
 19d0713035b6b6df4e668f06eedda283 2295 graphics optional exiv2_0.24-4.1+deb8u2.dsc
 e0350f304bb508f756cb5d6e6d0233f5 18004 graphics optional exiv2_0.24-4.1+deb8u2.debian.tar.xz
 605e34ec08702f0366b0e323b2cc3c20 19248646 doc optional libexiv2-doc_0.24-4.1+deb8u2_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAlvL+A4ACgkQLNd4Xt2n
sg8hYg/8Dm9J6rorDyrC3glhjTGCaa8fS32MJ+XAMR9N70ST+AYf3XSbHfCjpL9R
3c8ZwxW4JQfN+ioijz0y0aL3AVR1EwJI7mJbu+cKUSB7Npqh6YBkqHNYcRAnXH6a
UZExwAvn7Q3mT7QuPhGJew+Xv9QgOnkfkxVOA277/OXXk8bGLJLJzJM16rUDE0hX
F7XlEBFUz0jzbBhR6rPggPRWcGhSjy4zcJafkGAg4/o+q3BpTOb4jzdXQJIYUBdP
CJPlvvteYTv2Hz5wugQc2A8LC0Ddg9dFaQkBWgCOgWYAJbVIgxak7+vmR9Y+dEzu
48i9pqqNA1h53aVIbYS+lECbIxSz6HOwGPyRhzm3B0qGf/Tbu505/rsSahk+thJN
99kHBYupcXmwzrjbYqNv9eHNRcPose8lKRPVIhfrg/2HJYmcEkAva3I7WyXjbEG0
YYnGq4Zui1M7JN8yf6j4YLAWyNzJ2lmxH5tOq++6LVWRL4ufPbG1LLARIghqHHpK
Gv9kcHoFLFC50uUpdSrJc2QSe+I3K+jd74pnLMe6bEkLcIQfvEJXvcRXvze3NptW
rvqZbuU9F3ovhEiJQ0nNCXIN6FdlTIqazJGkt+flmoAoBVcow/SVCCpaGnwSFqrG
MP21xF09LPebGF+zVadvMQM8tjiCfebSeJL+iJK7iMS5vREWEpA=
=dhCx
-----END PGP SIGNATURE-----
News for package exiv2
