Ubuntu
exiv2 package

Sync exiv2 0.24-4.1 (main) from Debian unstable (main)

Bug #1433806 reported by Artur Rona on 2015-03-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	exiv2 (Ubuntu)	Fix Released	Wishlist	Unassigned

Bug Description

Please sync exiv2 0.24-4.1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service via buffer overflow
    - debian/patches/CVE-2014-9449.patch: fix overflow in
      src/riffvideo.cpp.
    - CVE-2014-9449

CVE-2014-9449 is already fixed in Debian.

Changelog entries since current vivid version 0.24-4ubuntu1:

exiv2 (0.24-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add CVE-2014-9449.patch patch.
    CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
    Thanks to Klaus Ethgen <email address hidden> (Closes: #773846)

-- Salvatore Bonaccorso <email address hidden> Wed, 07 Jan 2015 20:25:48 +0100

CVE References

2014-9449

Artur Rona (ari-tczew) on 2015-03-18

Changed in exiv2 (Ubuntu):
importance:	Undecided → Wishlist

Revision history for this message

Dmitry Shachnev (mitya57) wrote on 2015-03-20:

This bug was fixed in the package exiv2 - 0.24-4.1
Sponsored for Artur Rona (ari-tczew)

---------------
exiv2 (0.24-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add CVE-2014-9449.patch patch.
    CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
    Thanks to Klaus Ethgen <email address hidden> (Closes: #773846)

-- Salvatore Bonaccorso <email address hidden> Wed, 07 Jan 2015 20:25:48 +0100

Changed in exiv2 (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuexiv2 package