Package: exiv2 Severity: grave Tags: security, patch Justification: user security hole
Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for exiv2. CVE-2008-2696[0]: Exiv2 0.16 allows user-assisted remote attackers to cause a denial of service (divide-by-zero and application crash) via a zero value in Nikon lens information in the metadata of an image, related to "pretty printing" and the RationalValue::toLong function. See upstream patch at: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499 If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2696 http://security-tracker.debian.net/tracker/CVE-2008-2696 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
