Accepted exiv2 0.24-4.1+deb8u3 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 26 Feb 2019 19:03:02 +0100
Source: exiv2
Binary: exiv2 libexiv2-13 libexiv2-dev libexiv2-doc libexiv2-dbg
Architecture: source amd64 all
Version: 0.24-4.1+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
exiv2 - EXIF/IPTC metadata manipulation tool
libexiv2-13 - EXIF/IPTC metadata manipulation library
libexiv2-dbg - EXIF/IPTC metadata manipulation library - debug
libexiv2-dev - EXIF/IPTC metadata manipulation library - development files
libexiv2-doc - EXIF/IPTC metadata manipulation library - HTML documentation
Changes:
exiv2 (0.24-4.1+deb8u3) jessie-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2018-17581
A stack overflow due to a recursive function call causing excessive
stack consumption which leads to Denial of service.
* CVE-2018-19107
A heap based buffer over-read caused by an integer overflow could
result in a denial of service via a crafted file.
* CVE-2018-19108
There seems to be an infinite loop inside a function that can be
activated by a crafted image.
* CVE-2018-19535
A heap based buffer over-read caused could result in a denial of
service via a crafted file.
* CVE-2018-20097
A crafted image could result in a denial of service.
Checksums-Sha1:
1abe31f8630c43b845a03448f44e06883b501d37 2454 exiv2_0.24-4.1+deb8u3.dsc
2f19538e54f8c21c180fa96d17677b7cff7dc1bb 4635028 exiv2_0.24.orig.tar.gz
e01772d1f7972ad3c432ccfd23b5c43756407503 20536 exiv2_0.24-4.1+deb8u3.debian.tar.xz
75fdeea4db956f46b7ff4abfb6ba8880240bc9f4 94924 exiv2_0.24-4.1+deb8u3_amd64.deb
c0e1f29099ef1433e3bce1ccd6239a7dbcd1ba5b 729692 libexiv2-13_0.24-4.1+deb8u3_amd64.deb
be3d7676e1cba30a55f30781974c035b0da6a830 1111080 libexiv2-dev_0.24-4.1+deb8u3_amd64.deb
51178af771e3ddd6febbd6ffb07417698c26676b 19091690 libexiv2-doc_0.24-4.1+deb8u3_all.deb
fa58877616c7a5815cd52a74666654e4994a2102 5528704 libexiv2-dbg_0.24-4.1+deb8u3_amd64.deb
Checksums-Sha256:
75cd868fdc2348af24cece8c2a6663fce8c0ef0296b5819eada67eb0fd7da388 2454 exiv2_0.24-4.1+deb8u3.dsc
f4a443e6c7fb9d9f5e787732f76969a64c72c4c04af69b10ed57f949c2dfef8e 4635028 exiv2_0.24.orig.tar.gz
ec3b36dc5e1d67106d318af34259cbf2791a4b87abfcbd74a650fc1deabb34c3 20536 exiv2_0.24-4.1+deb8u3.debian.tar.xz
6896335c111aae72e9efbeae81a79fa9cbb784bc356e1d0278fa5049d14fc02f 94924 exiv2_0.24-4.1+deb8u3_amd64.deb
72e62a47c071d47ffb20cdaedc8371829080ad2bc5f004a30bfeebdadaaa121f 729692 libexiv2-13_0.24-4.1+deb8u3_amd64.deb
cd1fc591f15442e9c635912cd76c1f88a552e3aeb050523273d8c84aae0a584e 1111080 libexiv2-dev_0.24-4.1+deb8u3_amd64.deb
d569372a5348e79bfa50fa4f82be3816843c8d9f3a8876708b57f30b7ade6190 19091690 libexiv2-doc_0.24-4.1+deb8u3_all.deb
07bd15c7ae7ee987bf50875638158d890560ae385b60875998bb12bbcb5bb6bb 5528704 libexiv2-dbg_0.24-4.1+deb8u3_amd64.deb
Files:
acfc0a22e96020fbf2db2003dc55e799 2454 graphics optional exiv2_0.24-4.1+deb8u3.dsc
b8a23dc56a98ede85c00718a97a8d6fc 4635028 graphics optional exiv2_0.24.orig.tar.gz
0671d8c8a395aa0e8732251be282072d 20536 graphics optional exiv2_0.24-4.1+deb8u3.debian.tar.xz
74310da9adea2a8506d592733772b744 94924 graphics optional exiv2_0.24-4.1+deb8u3_amd64.deb
045233811953b2af6bc638afc50b3a99 729692 libs optional libexiv2-13_0.24-4.1+deb8u3_amd64.deb
3c4bea11a18df000fac54324b47c4581 1111080 libdevel optional libexiv2-dev_0.24-4.1+deb8u3_amd64.deb
5fb272f7e8861d595dccd5bc9eaf6918 19091690 doc optional libexiv2-doc_0.24-4.1+deb8u3_all.deb
c07a9886275330724aa7287295180a9d 5528704 debug extra libexiv2-dbg_0.24-4.1+deb8u3_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlx1jRZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR6FUEAC7CGVI329tIw0yn0Su4kTKcPmKyUZg
ZkA40kwgSEPPYTO4sX6R4jK8ltyYIEpbe70wWzQ6xUwzEuN1IJQSq+CsbZI8RFnq
gEyVFglBa+GUVQD+4058woz37VfgFKPLqAtNDaO0xISBuregWSc0TtXIK7XqEODS
fkFaPjh2uG7mOxM+9Pnsr9CzdRVx61+32lZcGrw9Hs1+3Upyq30z8YFqREnhr+Zz
vJTAx4tHINIVXknDOgB3MbrQgpFi0WKpSPxU7K1iJDooVW4cQxxsDokT5weVwEBU
punQWHzJprmvKya15EQgf8POTgblA3t5KrnMzCDd1L8NDqBUPfs+FmHKiZSClzhK
9UG/DjMNW49cajoeM/E95/9UBJ8GONChXMHP+vl5cOQVF7wpa0hmKjYvQlSuxqEo
qL1crV5CkZP+iGwG7KuBA5oQjVH6jQePG4mi/fmUTeiK09l1v8KXH6lemi3sSlne
JB1pnQHxzRD+T7650RnBBuN4Ome6w59SmYP9O6WQsBkFaNdJgCsgamFj9qJA+1By
VBUQiWGIPmJG5EYbeniGW4w7rdlknP/jKzuusQ2uo8C9maN7Cb7w6Nifv/IFqfB/
m0HTnOF6z2IGaZmTAvSiZuXJOmtyD+yhJ8T+sNyq0wzpjobX/UwrZbZyu1/PPEoa
EIex+m0ps1/qWw==
=iQ0g
-----END PGP SIGNATURE-----
Reply to: