[Bug 1024213] Re: libexif 0.6.21 and exif 0.6.21 were released to fix various overflows and related issues.

Mon, 23 Jul 2012 11:21:25 -0700 

This bug was fixed in the package libexif - 0.6.16-2.1ubuntu0.2

---------------
libexif (0.6.16-2.1ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible info disclosure via
    corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
    - debian/patches/CVE-2012-2812.dpatch: fix reading tags that aren't
      NUL-terminated in libexif/exif-entry.c.
    - CVE-2012-2812
  * SECURITY UPDATE: denial of service and possible info disclosure via
    UTF-16 tag (LP: #1024213)
    - debian/patches/CVE-2012-2813.dpatch: don't read past the end of a
      tag when converting from UTF-16 in libexif/exif-entry.c.
    - CVE-2012-2813
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2814.dpatch: fix buffer overflows in
      libexif/exif-entry.c.
    - CVE-2012-2814
  * SECURITY UPDATE: denial of service and possible info disclosure via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2836.dpatch: fix buffer overflows in
      libexif/exif-data.c
    - CVE-2012-2836
  * SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2837.dpatch: fix some possible
      division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
    - CVE-2012-2837
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted tags (LP: #1024213)
    - debian/patches/CVE-2012-2840.dpatch: fix off-by-one in
      libexif/exif-utils.c.
    - CVE-2012-2840
  * SECURITY UPDATE: denial of service and possible code execution via
    incorrect buffer size (LP: #1024213)
    - debian/patches/CVE-2012-2841.dpatch: validate buffer length in
      libexif/exif-entry.c.
    - CVE-2012-2841
 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>   Thu, 19 Jul 2012 14:46:59 
-0400

** Changed in: libexif (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1024213

Title:
  libexif 0.6.21 and exif 0.6.21 were released to fix various overflows
  and related issues.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libexif/+bug/1024213/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to