CVE-2012-2845

Related Vulnerabilities: CVE-2012-2845  

Debian Bug report logs - #681465
CVE-2012-2845


Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 13 Jul 2012 12:54:14 UTC

Severity: grave

Tags: security

Fixed in version exif/0.6.20-2

Done: Emmanuel Bouthenot <kolter@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#681465; Package exif. (Fri, 13 Jul 2012 12:54:18 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Fri, 13 Jul 2012 12:54:21 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2012-2845
Date: Fri, 13 Jul 2012 14:52:25 +0200
Package: exif
Severity: grave
Tags: security

CVE-2012-2845 (please see #681454 for the initial report) needs to be fixed
in exif rather than libexif.

This doesn't warrant a DSA, but you could still fix it through a stable point
update.

Cheers,
        Moritz




Reply sent to Emmanuel Bouthenot <kolter@debian.org>:
You have taken responsibility. (Tue, 17 Jul 2012 21:06:06 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Tue, 17 Jul 2012 21:06:06 GMT)


Message #10 received at 681465-close@bugs.debian.org:

From: Emmanuel Bouthenot <kolter@debian.org>
To: 681465-close@bugs.debian.org
Subject: Bug#681465: fixed in exif 0.6.20-2
Date: Tue, 17 Jul 2012 21:02:20 +0000
Source: exif
Source-Version: 0.6.20-2

We believe that the bug you reported is fixed in the latest version of
exif, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 681465@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot <kolter@debian.org> (supplier of updated exif package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 28 Apr 2011 20:23:15 +0000
Source: exif
Binary: exif
Architecture: source amd64
Version: 0.6.20-2
Distribution: unstable
Urgency: high
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Emmanuel Bouthenot <kolter@debian.org>
Description: 
 exif       - command-line utility to show EXIF information in JPEG files
Closes: 681465
Changes: 
 exif (0.6.20-2) unstable; urgency=high
 .
   * Add a patch to fix security issue CVE-2012-2845 (Closes: #681465)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#681465; Package exif. (Wed, 18 Jul 2012 12:00:09 GMT)


Acknowledgement sent to Jonathan Wiltshire <jmw@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Wed, 18 Jul 2012 12:00:09 GMT)


Message #15 received at 681465@bugs.debian.org:

From: Jonathan Wiltshire <jmw@debian.org>
To: 681465@bugs.debian.org
Subject: Re: CVE-2012-2845
Date: Wed, 18 Jul 2012 11:15:02 -0000

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.6) - use target "stable"

Please prepare a minimal-changes upload targeting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-release@lists.debian.org
1: http://prsc.debian.net/tracker/681465/
2: <201101232332.11736.thijs@debian.org>
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 05 May 2013 07:53:24 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:50:11 2019; Machine Name: buxtehude
