On Sat, Mar 19, 2005 at 05:22:28PM +0100, Helge Kreutzmann wrote:
> Package: libexif5
> Version: N/A; reported 2005-03-19
> Severity: grave
> Tags: security, woody
> Justification: user security hole
>
> Please see
> http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0664
>
> If libexif5 is not impacted then please add CAN-2005-0664 to
> http://www.debian.org/security/nonvulns-woody

Upstream have provided a patch for 0.6.12 below:
http://sourceforge.net/tracker/download.php?group_id=12272&atid=312272&file_id=124506&aid=1158402

<--- libexif-0.6.12/libexif/exif-data.c.xx 2005-03-07 13:39:31.512343466 +0100 <+++ libexif-0.6.12/libexif/exif-data.c 2005-03-07 13:40:34.916416519 +0100 <@@ -696,7 +696,7 @@ < "Found EXIF header."); < < /* Byte order (offset 6, length 2) */ <- if (ds < 12) <+ if (ds < 14) < return; < if (!memcmp (d + 6, "II", 2)) < data->priv->order = EXIF_BYTE_ORDER_INTEL; <

However this patch does not apply to 0.5.0 in woody. Reading the source code, woody is vulnerable and the patch below should fix the problem. (The code is very similar at this point but size was renamed to ds).

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here.

--- libexif/exif-data.c.old Fri Apr 1 15:36:02 2005 +++ libexif/exif-data.c Fri Apr 1 15:36:50 2005 @@ -475,7 +475,7 @@ #endif /* Byte order (offset 6, length 2) */ - if (size < 12) + if (size < 14) return; if (!memcmp (d + 6, "II", 2)) data->priv->order = EXIF_BYTE_ORDER_INTEL;
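
Review bot: the new limit in `if (ds < 14)` in the upstream 0.6.12 hunk (@@ -696,7) is a bare number that the only nearby comment does not explain: "Byte order (offset 6, length 2)" accounts for 8 bytes, not 14. Extend that comment to name the fields read after the byte-order marker that require the extra bytes, or build the limit from named offsets, so a later reader can check the bound against the reads it is meant to protect. The early `return;` is also silent, while the context line just above logs "Found EXIF header."; a log message on the short-data path would make truncated input visible to callers debugging a rejected file.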
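
Review bot: the 0.5.0 backport hunk (@@ -475,7) shows only one access after `if (size < 14)`, the `memcmp (d + 6, "II", 2)`, so the visible lines do not demonstrate that 14 is the right bound for woody's version of the function. Since the message describes the 0.5.0 code as very similar rather than identical, confirm that every read of `d` between this check and the next length check in the 0.5.0 source stays below offset 14, and record that in the changelog entry for the upload. Carrying the same explanatory comment as upstream next to the check would keep the two versions easy to compare.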