Debian Bug report logs -
#424775
CVE-2007-2645: libexif 0.6.14 fixes security issue
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 17 May 2007 09:54:02 UTC
Severity: grave
Tags: security
Found in versions 0.6.13-6, 0.6.13-5, 0.6.9-6
Fixed in version libexif/0.6.15-1
Done: Frederic Peters <fpeters@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>:
Bug#424775; Package libexif.
(full text, mbox, link).
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Frederic Peters <fpeters@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libexif
Severity: grave
Tags: security
Justification: user security hole
A vulnerability has been found in libexif:
"Integer overflow in the exif_data_load_data_entry function in
exif-data.c in libexif before 0.6.14 allows user-assisted remote
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via crafted EXIF data, involving the (1) doff or (2) s
variable."
See
http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272
Please mention the CVE id in the changelog.
Bug marked as found in version 0.6.13-6.
Request was from Stefan Fritsch <sf@debian.org>
to control@bugs.debian.org.
(Thu, 17 May 2007 10:06:02 GMT) (full text, mbox, link).
Bug marked as found in version 0.6.13-5.
Request was from Stefan Fritsch <sf@debian.org>
to control@bugs.debian.org.
(Thu, 17 May 2007 10:06:03 GMT) (full text, mbox, link).
Bug marked as found in version 0.6.9-6.
Request was from Stefan Fritsch <sf@debian.org>
to control@bugs.debian.org.
(Thu, 17 May 2007 10:06:05 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#424775; Package libexif.
(full text, mbox, link).
Acknowledgement sent to Frederic Peters <fpeters@debian.org>:
Extra info received and forwarded to list.
(full text, mbox, link).
Message #16 received at 424775@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hello security team (and sorry for being late, I was away and forgot
to mark me on vacation on db.debian.org),
Stefan Fritsch wrote:
> Package: libexif
> Severity: grave
> Tags: security
> Justification: user security hole
>
> A vulnerability has been found in libexif:
> "Integer overflow in the exif_data_load_data_entry function in
> exif-data.c in libexif before 0.6.14 allows user-assisted remote
> attackers to cause a denial of service (crash) or possibly execute
> arbitrary code via crafted EXIF data, involving the (1) doff or (2) s
> variable."
>
> See
> http://sourceforge.net/tracker/index.php?func=detail&aid=1716196&group_id=12272&atid=112272
>
> Please mention the CVE id in the changelog.
I prepared 0.6.13-5.etch.1 for upload, please find the interdiff
attached to this email (stripped of a copy of config.log that sneaked
in 0.6.13-5 diff).
I also backported other security related fixes that went in between
0.6.14 and 0.6.15 (but have not been announced).
libexif (0.6.13-5.etch.1) stable-security; urgency=high
* Backported security fix from 0.6.14 and 0.6.15
* Integer overflow in the exif_data_load_data_entry (CVE-2007-2645)
(closes: #424775)
* Don't dereference NULL (CID 4) (no assigned CVE)
* Don't parse Makernote when there is not enough data for
(makernote-irelevant) IFD1 (no assigned CVE)
-- Frederic Peters <fpeters@debian.org> Thu, 24 May 2007 13:01:20 +0200
Is this okay for upload ?
Regards,
Frederic
[libexif-cve.inter.diff (text/x-diff, attachment)]
[libexif_0.6.13-5.etch.1.dsc (text/plain, attachment)]
[libexif_0.6.13-5.etch.1.diff.gz (application/x-gunzip, attachment)]
[Message part 5 (application/pgp-signature, inline)]
Reply sent to Frederic Peters <fpeters@debian.org>:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.
(full text, mbox, link).
Message #21 received at 424775-close@bugs.debian.org (full text, mbox, reply):
Source: libexif
Source-Version: 0.6.15-1
We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive:
libexif-dev_0.6.15-1_i386.deb
to pool/main/libe/libexif/libexif-dev_0.6.15-1_i386.deb
libexif12_0.6.15-1_i386.deb
to pool/main/libe/libexif/libexif12_0.6.15-1_i386.deb
libexif_0.6.15-1.diff.gz
to pool/main/libe/libexif/libexif_0.6.15-1.diff.gz
libexif_0.6.15-1.dsc
to pool/main/libe/libexif/libexif_0.6.15-1.dsc
libexif_0.6.15.orig.tar.gz
to pool/main/libe/libexif/libexif_0.6.15.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 424775@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Frederic Peters <fpeters@debian.org> (supplier of updated libexif package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 25 May 2007 10:04:00 +0200
Source: libexif
Binary: libexif12 libexif-dev
Architecture: source i386
Version: 0.6.15-1
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <fpeters@debian.org>
Changed-By: Frederic Peters <fpeters@debian.org>
Description:
libexif-dev - library to parse EXIF files (development files)
libexif12 - library to parse EXIF files
Closes: 424775
Changes:
libexif (0.6.15-1) unstable; urgency=high
.
* New upstream release, with security fixes:
* Integer overflow in the exif_data_load_data_entry (CVE-2007-2645)
(closes: #424775)
* Don't dereference NULL (CID 4) (no assigned CVE)
* Don't parse Makernote when there is not enough data for
(makernote-irelevant) IFD1 (no assigned CVE)
* debian/patches/30_olympus_makernote.dpatch: merged upstream
* debian/patches/40_crash_looking_up_invalid_values.dpatch: merged upstream
* debian/patches/50_relibtoolize.dpatch: run libtoolize on sources
Files:
9a27e453d9589826398249525a84e347 610 libs optional libexif_0.6.15-1.dsc
01b8e0a2d4cd785246f0178f409b2dd2 991108 libs optional libexif_0.6.15.orig.tar.gz
2b9ee349f27db1392c98a04e8ef59471 26930 libs optional libexif_0.6.15-1.diff.gz
b80b33f2c6f85ad114b2ac2baab531f6 143920 libdevel optional libexif-dev_0.6.15-1_i386.deb
92e8d15dd0ef1fc8a5d54af7405cf59d 222688 libs optional libexif12_0.6.15-1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGVps+oR3LsWeD7V4RArIJAJ4vGtwLhpo2o1N/sgrmeFtnE7foXQCfbz8n
PEgXVmY+I4SLL5zJ2GyJ3ME=
=YOom
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 30 Jun 2007 07:59:58 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:39:53 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon