Hello community, here is the log from the commit of package libexif for openSUSE:Factory checked in at 2012-07-13 11:31:52 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libexif (Old) and /work/SRC/openSUSE:Factory/.libexif.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libexif", Maintainer is "meissner@suse.com" Changes: -------- --- /work/SRC/openSUSE:Factory/libexif/libexif.changes 2011-09-23 02:08:11.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libexif.new/libexif.changes 2012-07-13 11:31:56.000000000 +0200 
@@ -1,0 +2,40 @@ +Thu Jul 12 20:02:18 UTC 2012 - meissner@suse.com + +- updated to 0.6.21 + * Fixed some buffer overflows in exif_entry_format_value() + This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of + Google Security Team + * Fixed an off-by-one error in exif_convert_utf16_to_utf8() + This can cause a one-byte NUL write past the end of the buffer. + This fixes CVE-2012-2840 + * Don't read past the end of a tag when converting from UTF-16 + This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of + Google Security Team + * Fixed an out of bounds read on corrupted input + The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, + NUL-terminated. + This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of + Google Security Team + * Fixed a buffer overflow problem in exif_entry_get_value + If the application passed in a buffer length of 0, then it would + be treated as the buffer had unlimited length. + This fixes CVE-2012-2841 + * Fix a buffer overflow on corrupt EXIF data. + This fixes bug #3434540 and fixes part of CVE-2012-2836 + Reported by Yunho Kim + * Fix a buffer overflow on corrupted JPEG data + An unsigned data length might wrap around when decremented + below zero, bypassing sanity checks on length. + This code path can probably only occur if exif_data_load_data() + is called directly by the application on data that wasn't parsed + by libexif itself. + This solves the other part of CVE-2012-2836 + * Fixed some possible division-by-zeros in Olympus-style makernotes + This fixes bug #3434545, a.k.a. CVE-2012-2837 + Reported by Yunho Kim + + * lots and lots of translations updates. + * added more Canon lenses. 
+ * changed "knots" to "nautical miles" + +------------------------------------------------------------------- Old: ---- libexif-0.6.20.tar.bz2 New: ---- libexif-0.6.21.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libexif.spec ++++++ --- /var/tmp/diff_new_pack.8pcfmQ/_old 2012-07-13 11:32:00.000000000 +0200 +++ /var/tmp/diff_new_pack.8pcfmQ/_new 2012-07-13 11:32:00.000000000 +0200 @@ -1,7 +1,7 @@ # -# spec file for package libexif (Version 0.6.20) +# spec file for package libexif # -# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -15,19 +15,18 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: libexif -BuildRequires: doxygen pkg-config +BuildRequires: doxygen +BuildRequires: pkg-config Url: http://libexif.sourceforge.net +Summary: An EXIF Tag Parsing Library for Digital Cameras License: LGPL-2.1+ Group: System/Libraries -Summary: An EXIF Tag Parsing Library for Digital Cameras -Version: 0.6.20 -Release: 2 +Version: 0.6.21 +Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build -Source0: %{name}-%{version}.tar.bz2 +Source0: https://downloads.sourceforge.net/project/libexif/%{name}/%{version}/%{name}-%{version}.tar.bz2 Source1: baselibs.conf %define pname libexif12 @@ -36,7 +35,6 @@ %package -n %{pname} - Summary: An EXIF Tag Parsing Library for Digital Cameras Group: System/Libraries Provides: libexif = %{version} 
@@ -52,10 +50,10 @@ %package devel -License: LGPL-2.1+ -Group: Development/Libraries/C and C++ Summary: An EXIF Tag Parsing Library for Digital Cameras (Development files) -Requires: %{pname} = %{version} glibc-devel +Group: Development/Libraries/C and C++ +Requires: %{pname} = %{version} +Requires: glibc-devel %description devel This library is used to parse EXIF information from JPEGs created by ++++++ libexif-0.6.20.tar.bz2 -> libexif-0.6.21.tar.bz2 ++++++ ++++ 106386 lines of diff (skipped) -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org
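Review bot: In the libexif.changes hunk, the new 0.6.21 entry cites CVE ids and the upstream bug numbers #3434540 and #3434545, but no distribution bug reference appears anywhere in the entry. Adding the tracking bug id next to the "updated to 0.6.21" line would let the security update be matched to the distribution's own tracker. Separately, CVE-2012-2836 is split across two bullets ("fixes part of" and "solves the other part of"), so a reader scanning for that id should be told in one place that both fixes are required.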
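Review bot: In the libexif.spec hunk at @@ -15,19 +15,18 @@, Source0 changes from a local file name to a download URL, yet the only other source listed is "Source1: baselibs.conf", so nothing in the spec lets a reviewer verify the 0.6.21 tarball, whose 106386-line diff is skipped in this mail. If upstream publishes a detached signature, consider adding it and the keyring as further Source entries; otherwise record the tarball checksum with the submission so the imported archive can be compared against the upstream release.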
participants (1): root@hilbert.suse.de