← Back to team overview

desktop-packages team mailing list archive

  1. desktop-packages team
  2. Mailing list archive
  3. Message #107498

[Bug 1433806] [NEW] Sync exiv2 0.24-4.1 (main) from Debian unstable (main)

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Please sync exiv2 0.24-4.1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service via buffer overflow
    - debian/patches/CVE-2014-9449.patch: fix overflow in
      src/riffvideo.cpp.
    - CVE-2014-9449

CVE-2014-9449 is already fixed in Debian.

Changelog entries since current vivid version 0.24-4ubuntu1:

exiv2 (0.24-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add CVE-2014-9449.patch patch.
    CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
    Thanks to Klaus Ethgen <Klaus@xxxxxxxxx> (Closes: #773846)

 -- Salvatore Bonaccorso <carnil@xxxxxxxxxx>  Wed, 07 Jan 2015 20:25:48
+0100

** Affects: exiv2 (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: exiv2 (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to exiv2 in Ubuntu.
https://bugs.launchpad.net/bugs/1433806

Title:
  Sync exiv2 0.24-4.1 (main) from Debian unstable (main)

Status in exiv2 package in Ubuntu:
  New

Bug description:
  Please sync exiv2 0.24-4.1 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * SECURITY UPDATE: denial of service via buffer overflow
      - debian/patches/CVE-2014-9449.patch: fix overflow in
        src/riffvideo.cpp.
      - CVE-2014-9449

  CVE-2014-9449 is already fixed in Debian.

  Changelog entries since current vivid version 0.24-4ubuntu1:

  exiv2 (0.24-4.1) unstable; urgency=medium

    * Non-maintainer upload.
    * Add CVE-2014-9449.patch patch.
      CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
      Thanks to Klaus Ethgen <Klaus@xxxxxxxxx> (Closes: #773846)

   -- Salvatore Bonaccorso <carnil@xxxxxxxxxx>  Wed, 07 Jan 2015
  20:25:48 +0100

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/exiv2/+bug/1433806/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next