CVE-2008-2696: DoS via metadata in images

Related Vulnerabilities: CVE-2008-2696  

Debian Bug report logs - #486328

Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>

Date: Sun, 15 Jun 2008 11:42:12 UTC

Severity: important

Tags: patch, security

Found in version exiv2/0.16-1

Fixed in versions exiv2/0.17-1, exiv2/0.17.1-1

Done: Mark Purcell <msp@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://dev.robotbattle.com/bugs/view.php?id=0000546


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>:
Bug#486328; Package exiv2.


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>.


Message #5 received at submit@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2008-2696: DoS via metadata in images
Date: Sun, 15 Jun 2008 13:41:10 +0200
Package: exiv2
Severity: grave
Tags: security, patch
Justification: user security hole

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for exiv2.

CVE-2008-2696[0]:
Exiv2 0.16 allows user-assisted remote attackers to cause a denial of
service (divide-by-zero and application crash) via a zero value in Nikon
lens information in the metadata of an image, related to "pretty
printing" and the RationalValue::toLong function. 

See upstream patch at:
http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499


If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2696
    http://security-tracker.debian.net/tracker/CVE-2008-2696
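
The failure mode named in the CVE text above (a zero value reaching an integer division while pretty-printing a rational), shown as an added example that is not part of this bug log and is not exiv2's code. The `Rational` struct, the four-value lens layout, the byte order and every function name are assumptions made for illustration; the `INT32_MIN / -1` check goes beyond what the report mentions and covers the other operand pair for which signed integer division is undefined.

```cpp
#include <cstdint>
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

// Signed rational as stored in image metadata: 32-bit numerator, 32-bit denominator.
struct Rational { int32_t num; int32_t den; };
// Little-endian 32-bit read (byte order is an assumption of this example).
static int32_t le32(const uint8_t* p) {
    return int32_t(uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24);
}

// Unchecked pattern, for contrast only and never called: den == 0 is undefined behaviour.
long toLongUnchecked(const Rational& r) { return r.num / r.den; }

// Hardened conversion: refuse a zero denominator and the INT32_MIN / -1 overflow.
bool toLongChecked(const Rational& r, long& out) {
    if (r.den == 0 || (r.num == INT32_MIN && r.den == -1)) return false;
    out = r.num / r.den;
    return true;
}

// Pretty-print four rationals from an untrusted buffer (hypothetical lens layout:
// min/max focal length, min/max aperture); bad values become text, not a crash.
std::string prettyLens(const std::vector<uint8_t>& buf) {
    if (buf.size() < 4 * 8) return "(truncated)";
    std::ostringstream os;
    for (std::size_t i = 0; i < 4; ++i) {
        Rational r = { le32(&buf[8 * i]), le32(&buf[8 * i + 4]) };
        long v = 0;
        os << (i == 2 ? "mm F" : i ? "-" : "");
        if (toLongChecked(r, v)) os << v; else os << "n/a";
    }
    return os.str();
}

// Build constructed sample input: each (num, den) pair as little-endian bytes.
std::vector<uint8_t> encode(const std::vector<Rational>& rs) {
    std::vector<uint8_t> b;
    for (const Rational& r : rs)
        for (int32_t w : { r.num, r.den })
            for (int s = 0; s < 32; s += 8) b.push_back(uint8_t(uint32_t(w) >> s));
    return b;
}

int main() {  // constructed input; the second denominator is zero
    std::cout << prettyLens(encode({{18, 1}, {55, 0}, {35, 10}, {56, 10}})) << "\n";
}
```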




Severity set to `important' from `grave' Request was from Steffen Joeris <steffen.joeris@skolelinux.de> to control@bugs.debian.org. (Sun, 15 Jun 2008 11:48:06 GMT)


Bug marked as found in version 0.16-1. Request was from Mark Purcell <msp@debian.org> to control@bugs.debian.org. (Mon, 16 Jun 2008 12:09:09 GMT)


Bug marked as fixed in version 0.17-1. Request was from Mark Purcell <msp@debian.org> to control@bugs.debian.org. (Mon, 16 Jun 2008 12:09:10 GMT)


Noted your statement that Bug has been forwarded to http://dev.robotbattle.com/bugs/view.php?id=0000546. Request was from Mark Purcell <msp@debian.org> to control@bugs.debian.org. (Mon, 16 Jun 2008 12:09:11 GMT)


Message sent on to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug#486328.


Message #16 received at 486328-submitter@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: Steffen Joeris <steffen.joeris@skolelinux.de>
Cc: Debian Bug Tracking System <486328-submitter@bugs.debian.org>, debian-release@lists.debian.org
Subject: Re: libexiv2: Bug#486328: CVE-2008-2696: DoS via metadata in images
Date: Mon, 16 Jun 2008 22:06:40 +1000
found 486328 0.16-1
fixed 486328 0.17-1
forwarded 486328 http://dev.robotbattle.com/bugs/view.php?id=0000546
thanks

On Sun, 15 Jun 2008, Steffen Joeris wrote:
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for exiv2.

Thanks Steffen,

I have already uploaded the fixed upstream to experimental, and am awaiting
clearance from debian-release to upload to unstable, which will fix this 
issue for lenny and sid. I do not propose to upload a fixed package to 
testing-updates.

http://lists.debian.org/debian-release/2008/06/msg00231.html

Mark

Information stored:
Bug#486328; Package exiv2.


Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Extra info received and filed, but not forwarded.


Message #21 received at 486328-quiet@bugs.debian.org:

From: Steffen Joeris <steffen.joeris@skolelinux.de>
To: Mark Purcell <msp@debian.org>, 486328-quiet@bugs.debian.org
Cc: debian-release@lists.debian.org
Subject: Re: Bug#486328: libexiv2: Bug#486328: CVE-2008-2696: DoS via metadata in images
Date: Mon, 16 Jun 2008 14:17:35 +0200
On Mon, 16 Jun 2008 02:06:40 pm Mark Purcell wrote:
> found 486328 0.16-1
> fixed 486328 0.17-1
> forwarded 486328 http://dev.robotbattle.com/bugs/view.php?id=0000546
> thanks
>
> On Sun, 15 Jun 2008, Steffen Joeris wrote:
> > Hi,
> > the following CVE (Common Vulnerabilities & Exposures) id was
> > published for exiv2.
>
> Thanks Steffen,
>
> I have already uploaded the fixed upstream to experimental, and am awaiting
> clearance from debian-release to upload to unstable, which will fix this
> issue for lenny and sid. I do not propose to upload a fixed package to
> testing-updates.
>
> http://lists.debian.org/debian-release/2008/06/msg00231.html
In this case, testing-security (which gets copied to testing-proposed 
automagically) would be the right way, but the issue is not severe enough, so 
I agree with your opinion.

Thanks for your work.
Cheers
Steffen

Information forwarded to debian-bugs-dist@lists.debian.org, Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>:
Bug#486328; Package exiv2.


Acknowledgement sent to Mark Purcell <msp@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>.


Message #26 received at 486328@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: control@bugs.debian.org
Cc: 486328@bugs.debian.org
Subject: setting package to libexiv2-doc libexiv2-dev libexiv2-4 exiv2, tagging 486328
Date: Mon, 16 Jun 2008 22:23:05 +1000
# Automatically generated email from bts, devscripts version 2.10.29
#
# exiv2 (0.17-2) UNRELEASED; urgency=medium
#
#  * Version 0.17 also fixes:
#    - CVE-2008-2696: DoS via metadata in images (Closes: #486328)
#    - crashes when fed with wrong file (Closes: #485670)
#

package libexiv2-doc libexiv2-dev libexiv2-4 exiv2
tags 486328 + pending





Tags added: pending Request was from Mark Purcell <msp@debian.org> to control@bugs.debian.org. (Mon, 16 Jun 2008 12:27:04 GMT)


Reply sent to Mark Purcell <msp@debian.org>:
You have taken responsibility.


Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>:
Bug acknowledged by developer.


Message #33 received at 486328-close@bugs.debian.org:

From: Mark Purcell <msp@debian.org>
To: 486328-close@bugs.debian.org
Subject: Bug#486328: fixed in exiv2 0.17.1-1
Date: Sat, 21 Jun 2008 05:32:03 +0000
Source: exiv2
Source-Version: 0.17.1-1

We believe that the bug you reported is fixed in the latest version of
exiv2, which is due to be installed in the Debian FTP archive:

exiv2_0.17.1-1.diff.gz
  to pool/main/e/exiv2/exiv2_0.17.1-1.diff.gz
exiv2_0.17.1-1.dsc
  to pool/main/e/exiv2/exiv2_0.17.1-1.dsc
exiv2_0.17.1-1_powerpc.deb
  to pool/main/e/exiv2/exiv2_0.17.1-1_powerpc.deb
exiv2_0.17.1.orig.tar.gz
  to pool/main/e/exiv2/exiv2_0.17.1.orig.tar.gz
libexiv2-4_0.17.1-1_powerpc.deb
  to pool/main/e/exiv2/libexiv2-4_0.17.1-1_powerpc.deb
libexiv2-dev_0.17.1-1_powerpc.deb
  to pool/main/e/exiv2/libexiv2-dev_0.17.1-1_powerpc.deb
libexiv2-doc_0.17.1-1_all.deb
  to pool/main/e/exiv2/libexiv2-doc_0.17.1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 486328@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Purcell <msp@debian.org> (supplier of updated exiv2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 21 Jun 2008 08:23:53 +1000
Source: exiv2
Binary: exiv2 libexiv2-4 libexiv2-dev libexiv2-doc
Architecture: source all powerpc
Version: 0.17.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>
Changed-By: Mark Purcell <msp@debian.org>
Description: 
 exiv2      - EXIF/IPTC metadata manipulation tool
 libexiv2-4 - EXIF/IPTC metadata manipulation library
 libexiv2-dev - EXIF/IPTC metadata manipulation library - development files
 libexiv2-doc - EXIF/IPTC metadata manipulation library - HTML documentation
Closes: 485670 486328
Changes: 
 exiv2 (0.17.1-1) unstable; urgency=medium
 .
   * New upstream release
     - Library transition cleared on debian-release/ d-d-a
   * Version 0.17 also fixes:
     - CVE-2008-2696: DoS via metadata in images (Closes: #486328)
     - crashes when fed with wrong file (Closes: #485670)
   * Urgency medium for CVE fix
   * debian/patches/gcc4.3.diff unnecessary for gcc-4.3
   * Add /usr/share/bug/exiv2/presubj message for reportbug(1)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 29 Jul 2008 07:30:21 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:29:00 2019; Machine Name: beach
