Register | Log in

libexif

Choose email to subscribe with

general

source: libexif (main)
version: 0.6.21-5.1
maintainer: Debian PhotoTools Maintainers (archive) (DMD)
uploaders: Emmanuel Bouthenot [DMD] – Frederic Peters [DMD]
arch: all any
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.6.21-2
oldstable: 0.6.21-2
stable: 0.6.21-5.1
testing: 0.6.21-5.1
unstable: 0.6.21-5.1

versioned links

0.6.21-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.6.21-5.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libexif-dev
libexif-doc
libexif12

action needed

The URL(s) for this package had some recent persistent issues low

DUCK reports some issues concerning upstream URLs defined for this package.

Created: 2019-01-12 Last update: 2019-09-19 11:07

3 ignored security issues in jessie low

There are 3 open security issues in jessie.

3 issues skipped by the security teams:

CVE-2016-6328: A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

Please fix them.

Created: 2017-08-23 Last update: 2019-07-07 09:01

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2016-6328: A vulnerability was found in libexif. An integer overflow when parsing the MNOTE entry data of the input file. This can cause Denial-of-Service (DoS) and Information Disclosure (disclosing some critical heap chunk metadata, even other applications' private data).
CVE-2018-20030: An error when processing the EXIF_IFD_INTEROPERABILITY and EXIF_IFD_EXIF tags within libexif version 0.6.21 can be exploited to exhaust available CPU resources.
CVE-2017-7544: libexif through 0.6.21 is vulnerable to out-of-bounds heap read vulnerability in exif_data_save_data_entry function in libexif/exif-data.c caused by improper length computation of the allocated data of an ExifMnote entry which can cause denial-of-service or possibly information disclosure.

Please fix them.

Created: 2017-08-23 Last update: 2019-07-07 09:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.1.3).

Created: 2018-04-06 Last update: 2019-07-08 20:09

news

[2019-03-01] libexif 0.6.21-5.1 MIGRATED to testing (Debian testing watch)
[2019-02-18] Accepted libexif 0.6.21-5.1 (source) into unstable (Salvatore Bonaccorso)
[2018-04-12] libexif 0.6.21-5 MIGRATED to testing (Debian testing watch)
[2018-04-05] Accepted libexif 0.6.21-5 (source) into unstable (Hugh McMaster) (signed by: Andreas Metzler)
[2017-11-05] libexif 0.6.21-4 MIGRATED to testing (Debian testing watch)
[2017-11-03] Accepted libexif 0.6.21-4 (source) into unstable (Hugh McMaster) (signed by: Adam Borowski)
[2017-10-29] Accepted libexif 0.6.21-3 (source amd64 all) into unstable, unstable (Hugh McMaster) (signed by: Adam Borowski)
[2017-10-13] libexif 0.6.21-2.1 MIGRATED to testing (Debian testing watch)
[2017-10-08] Accepted libexif 0.6.21-2.1 (source) into unstable (Hugh McMaster) (signed by: Adam Borowski)
[2014-08-30] libexif 0.6.21-2 MIGRATED to testing (Britney)
[2014-08-24] Accepted libexif 0.6.21-2 (source amd64) into unstable (Emmanuel Bouthenot)
[2013-05-05] libexif 0.6.21-1 MIGRATED to testing (Debian testing watch)
[2013-01-27] Accepted libexif 0.6.21-1 (source amd64) (Emmanuel Bouthenot)
[2012-10-20] Accepted libexif 0.6.19-1+squeeze1 (source amd64) (Yves-Alexis Perez)
[2012-07-23] libexif 0.6.20-3 MIGRATED to testing (Debian testing watch)
[2012-07-17] Accepted libexif 0.6.20-3 (source amd64) (Emmanuel Bouthenot)
[2012-02-07] libexif 0.6.20-2 MIGRATED to testing (Debian testing watch)
[2012-01-27] Accepted libexif 0.6.20-2 (source amd64) (Emmanuel Bouthenot)
[2011-05-08] libexif 0.6.20-1 MIGRATED to testing (Debian testing watch)
[2011-04-27] Accepted libexif 0.6.20-1 (source amd64) (Emmanuel Bouthenot)
[2009-11-24] libexif 0.6.19-1 MIGRATED to testing (Debian testing watch)
[2009-11-19] Accepted libexif 0.6.19-1 (source amd64) (Emmanuel Bouthenot)
[2009-11-05] libexif 0.6.18-1 MIGRATED to testing (Debian testing watch)
[2009-11-04] libexif 0.6.18-1 MIGRATED to testing (Debian testing watch)
[2009-10-24] Accepted libexif 0.6.18-1 (source amd64) (Emmanuel Bouthenot)
[2009-04-30] libexif 0.6.17-1 MIGRATED to testing (Debian testing watch)
[2009-04-19] Accepted libexif 0.6.17-1 (source amd64) (Emmanuel Bouthenot) (signed by: Cyril Brulebois)
[2008-04-12] Accepted libexif 0.6.9-6sarge2 (source i386) (Moritz Muehlenhoff)
[2008-02-28] Accepted libexif 0.6.9-6sarge2 (source i386) (Moritz Muehlenhoff)
[2008-02-16] Accepted libexif 0.6.13-5etch2 (source i386) (Moritz Muehlenhoff)

1
2

bugs [bug history graph]

all: 0

links

homepage
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.6.21-5.1
10 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing