Register | Log in

libexif

Choose email to subscribe with

general

source: libexif (main)
version: 0.6.21-6
maintainer: Debian PhotoTools Maintainers (archive) (DMD)
uploaders: Emmanuel Bouthenot [DMD] – Frederic Peters [DMD]
arch: all any
std-ver: 4.5.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.6.21-2
o-o-sec: 0.6.21-2+deb8u1
oldstable: 0.6.21-2
old-sec: 0.6.21-2+deb9u1
old-p-u: 0.6.21-2+deb9u1
stable: 0.6.21-5.1
stable-sec: 0.6.21-5.1+deb10u1
stable-p-u: 0.6.21-5.1+deb10u1
testing: 0.6.21-6
unstable: 0.6.21-6

versioned links

0.6.21-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.21-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.21-2+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.21-5.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.21-5.1+deb10u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.21-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libexif-dev
libexif-doc
libexif12

action needed

3 ignored security issues in jessie low

There are 3 open security issues in jessie.

3 issues skipped by the security teams:

CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
CVE-2016-6328: A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

Please fix them.

Created: 2017-08-23 Last update: 2020-02-10 14:34

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
CVE-2016-6328: A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

Please fix them.

Created: 2017-08-23 Last update: 2020-02-10 14:34

news

[2020-02-10] Accepted libexif 0.6.21-2+deb8u1 (source amd64) into oldoldstable (Debian FTP Masters) (signed by: Hugo Lefeuvre)
[2020-02-08] Accepted libexif 0.6.21-2+deb9u1 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2020-02-08] Accepted libexif 0.6.21-5.1+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2020-02-06] Accepted libexif 0.6.21-2+deb9u1 (source) into oldstable->embargoed, oldstable (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2020-02-06] Accepted libexif 0.6.21-5.1+deb10u1 (source) into stable->embargoed, stable (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2020-01-29] libexif 0.6.21-6 MIGRATED to testing (Debian testing watch)
[2020-01-23] Accepted libexif 0.6.21-6 (source) into unstable (Hugh McMaster) (signed by: Boyuan Yang)
[2019-03-01] libexif 0.6.21-5.1 MIGRATED to testing (Debian testing watch)
[2019-02-18] Accepted libexif 0.6.21-5.1 (source) into unstable (Salvatore Bonaccorso)
[2018-04-12] libexif 0.6.21-5 MIGRATED to testing (Debian testing watch)
[2018-04-05] Accepted libexif 0.6.21-5 (source) into unstable (Hugh McMaster) (signed by: Andreas Metzler)
[2017-11-05] libexif 0.6.21-4 MIGRATED to testing (Debian testing watch)
[2017-11-03] Accepted libexif 0.6.21-4 (source) into unstable (Hugh McMaster) (signed by: Adam Borowski)
[2017-10-29] Accepted libexif 0.6.21-3 (source amd64 all) into unstable, unstable (Hugh McMaster) (signed by: Adam Borowski)
[2017-10-13] libexif 0.6.21-2.1 MIGRATED to testing (Debian testing watch)
[2017-10-08] Accepted libexif 0.6.21-2.1 (source) into unstable (Hugh McMaster) (signed by: Adam Borowski)
[2014-08-30] libexif 0.6.21-2 MIGRATED to testing (Britney)
[2014-08-24] Accepted libexif 0.6.21-2 (source amd64) into unstable (Emmanuel Bouthenot)
[2013-05-05] libexif 0.6.21-1 MIGRATED to testing (Debian testing watch)
[2013-01-27] Accepted libexif 0.6.21-1 (source amd64) (Emmanuel Bouthenot)
[2012-10-20] Accepted libexif 0.6.19-1+squeeze1 (source amd64) (Yves-Alexis Perez)
[2012-07-23] libexif 0.6.20-3 MIGRATED to testing (Debian testing watch)
[2012-07-17] Accepted libexif 0.6.20-3 (source amd64) (Emmanuel Bouthenot)
[2012-02-07] libexif 0.6.20-2 MIGRATED to testing (Debian testing watch)
[2012-01-27] Accepted libexif 0.6.20-2 (source amd64) (Emmanuel Bouthenot)
[2011-05-08] libexif 0.6.20-1 MIGRATED to testing (Debian testing watch)
[2011-04-27] Accepted libexif 0.6.20-1 (source amd64) (Emmanuel Bouthenot)
[2009-11-24] libexif 0.6.19-1 MIGRATED to testing (Debian testing watch)
[2009-11-19] Accepted libexif 0.6.19-1 (source amd64) (Emmanuel Bouthenot)
[2009-11-05] libexif 0.6.18-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.6.21-6

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing