Your message dated Thu, 21 Jun 2007 19:02:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#430012: fixed in libexif 0.6.16-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: libexif12
Version: 0.6.13-5
Severity: grave
Tags: security
Justification: user security hole
CVE-2006-4168:
"Integer overflow in the exif_data_load_data_entry function in
libexif/exif-data.c in Libexif before 0.6.16 allows remote attackers to
cause a denial of service (application crash) or execute arbitrary code
via an image with many EXIF components, which triggers a heap-based
buffer overflow."
This is fixed in 0.6.16, see
http://sourceforge.net/project/shownotes.php?release_id=515385
--- End Message ---
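The bug class named in the CVE text above (a size computed from a component count wraps around, so a bounds check passes for data that does not fit), shown as an added example. It is not part of the original messages and is not libexif's code; the struct, field and function names are hypothetical and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the size fields of one EXIF directory entry.
 * All three values come straight from the (untrusted) image file. */
struct entry_hdr {
    uint32_t elem_size;   /* bytes per component, set by the entry format */
    uint32_t components;  /* number of components claimed by the entry */
    uint32_t data_off;    /* offset of the entry data inside the buffer */
};

/* Weak bounds check: both the multiply and the add are done in 32 bits
 * and can wrap, so an oversized entry can look as if it fits.
 * Returns 1 if the entry would be accepted. */
int accept_unchecked(const struct entry_hdr *e, uint32_t buf_size)
{
    uint32_t s = e->elem_size * e->components;   /* wraps mod 2^32 */
    return !(buf_size < e->data_off + s);        /* sum can wrap too */
}

/* Hardened check: reject before any arithmetic can wrap.
 * On success stores the validated byte length in *len and returns 1. */
int accept_checked(const struct entry_hdr *e, uint32_t buf_size, uint32_t *len)
{
    if (e->elem_size == 0 || e->components > UINT32_MAX / e->elem_size)
        return 0;                                /* product would overflow */
    uint32_t s = e->elem_size * e->components;
    if (e->data_off > buf_size || s > buf_size - e->data_off)
        return 0;                                /* data runs past buffer */
    *len = s;
    return 1;
}

int main(void)
{
    /* Constructed sample: 8 * 0x20000001 wraps to 8 in 32-bit arithmetic. */
    struct entry_hdr many = { 8, 0x20000001u, 16 };
    uint32_t len = 0;
    printf("unchecked: %d\n", accept_unchecked(&many, 64));
    printf("checked:   %d\n", accept_checked(&many, 64, &len));
    return 0;
}
```

A later copy of `components * elem_size` bytes sized from the wrapped value is what turns the accepted entry into a heap overflow; the hardened form rejects the entry before any length is used.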
--- Begin Message ---
Source: libexif
Source-Version: 0.6.16-1
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive:
libexif-dev_0.6.16-1_i386.deb
to pool/main/libe/libexif/libexif-dev_0.6.16-1_i386.deb
libexif12_0.6.16-1_i386.deb
to pool/main/libe/libexif/libexif12_0.6.16-1_i386.deb
libexif_0.6.16-1.diff.gz
to pool/main/libe/libexif/libexif_0.6.16-1.diff.gz
libexif_0.6.16-1.dsc
to pool/main/libe/libexif/libexif_0.6.16-1.dsc
libexif_0.6.16.orig.tar.gz
to pool/main/libe/libexif/libexif_0.6.16.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederic Peters <[EMAIL PROTECTED]> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 21 Jun 2007 20:42:24 +0200
Source: libexif
Binary: libexif12 libexif-dev
Architecture: source i386
Version: 0.6.16-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <[EMAIL PROTECTED]>
Changed-By: Frederic Peters <[EMAIL PROTECTED]>
Description:
libexif-dev - library to parse EXIF files (development files)
libexif12 - library to parse EXIF files
Closes: 430012
Changes:
libexif (0.6.16-1) unstable; urgency=high
.
* New upstream release, with security fix:
* Integer overflow in the exif_data_load_data_entry (CVE-2006-4168)
(closes: #430012)
Files:
01117c993875cf03a154ba99ffdb1bc5 611 libs optional libexif_0.6.16-1.dsc
13ceaf57b428f27cac86195a7df1f7f6 1006359 libs optional libexif_0.6.16.orig.tar.gz
4da13a8fa05d18b2b5b41a0839c83ba2 16846 libs optional libexif_0.6.16-1.diff.gz
3a0fa1e6c6815a7fcb09ec91fee288fb 144042 libdevel optional libexif-dev_0.6.16-1_i386.deb
477a1de50a639fe9c5778d60bb8599d8 236784 libs optional libexif12_0.6.16-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGesfVoR3LsWeD7V4RApppAJ4hrxSjHw2L5ZtpcRNsGuBUxRCtKgCgmdl1
UC17eRKDVSU45J1nM8e4XAU=
=ldiW
-----END PGP SIGNATURE-----
--- End Message ---