-
exiv2 (0.25-4ubuntu2.2) eoan-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-20421.patch: fix_1011_jp2_readmetadata_loop
in src/jp2image.cpp.
- CVE-2019-20421
-- <email address hidden> (Leonidas S. Barbosa) Tue, 04 Feb 2020 13:49:27 -0300
-
exiv2 (0.25-4ubuntu2.1) eoan-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-17402.patch: check offset and size
against total size in src/crwimage.cpp.
- CVE-2019-17402
-- <email address hidden> (Leonidas S. Barbosa) Fri, 18 Oct 2019 09:53:38 -0300
-
exiv2 (0.25-4ubuntu2) eoan; urgency=medium
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
in src/enforce.hpp, use safe:add for preventing overflows in
PSD files and enforce length of image resource
section < file size in src/psdimage.cpp.
- CVE-2018-19107
- CVE-2018-19108
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-19535-*.patch: fixes in
PngChunk::readRawProfile in src/pngchunk.cpp.
- CVE-2018-19535
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13110.patch: avoid integer overflow
in src/crwimage.cpp.
- CVE-2019-13110
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13112.patch: add bound check
on allocation size in src/pngchunk.cpp.
- CVE-2019-13112
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13113.patch: throw an exception
if the data location is invalid in src/crwimage.cpp,
src/crwimage_int.hpp.
- CVE-2019-13113
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13114.patch: avoid null pointer
exception due to NULL return from strchr in src/http.cpp.
- CVE-2019-13114
* Add error codes from src error in order to support CVE-2018-19535
- debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch
-- <email address hidden> (Leonidas S. Barbosa) Mon, 15 Jul 2019 11:49:42 -0300
-
exiv2 (0.25-4ubuntu1) disco; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-11591.patch: fix in
include/exiv2/value.hpp.
- CVE-2017-11591
* SECURITY UPDATE: Remote denial of service
- debian/patches/CVE-2017-11683.patch: fix in
src/tiffvisitor.cpp.
- CVE-2017-11683
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-14859_14862_14864.patch: fix in
src/error.cpp, src/tiffvisitor.cpp.
- CVE-2017-14859
- CVE-2017-14862
- CVE-2017-14864
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2017-17669.patch: fix in
src/pngchunk.cpp.
- CVE-2017-17669
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-17581.patch: fix in
src/crwimage.cpp.
- CVE-2018-17581
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-16336.patch: fix in
src/pngchunk.cpp.
- CVE-2018-16336
* Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.
-- <email address hidden> (Leonidas S. Barbosa) Thu, 24 Jan 2019 13:15:19 -0300
