|Index||index by Group||index by Distribution||index by Vendor||index by creation date||index by Name||Mirrors||Help||Search|
|Name: libexif12-32bit||Distribution: openSUSE Leap 15.1|
|Version: 0.6.22||Vendor: openSUSE|
|Release: lp18.104.22.168||Build date: Mon Jun 8 10:05:59 2020|
|Group: System/Libraries||Build host: lamb23|
|Size: 243612||Source RPM: libexif-0.6.22-lp22.214.171.124.src.rpm|
|Summary: An EXIF Tag Parsing Library for Digital Cameras|
This library is used to parse EXIF information from JPEGs created by digital cameras.
* Mon May 18 2020 Marcus Meissner <firstname.lastname@example.org> - libexif-0.6.22 (2020-05-18) release: * New translations: ms * Updated translations for most languages * Fixed C89 compatibility * Fixed warnings on recent versions of autoconf * Some useful EXIF 2.3 tag added: * EXIF_TAG_GAMMA * EXIF_TAG_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE * EXIF_TAG_GPS_H_POSITIONING_ERROR * EXIF_TAG_CAMERA_OWNER_NAME * EXIF_TAG_BODY_SERIAL_NUMBER * EXIF_TAG_LENS_SPECIFICATION * EXIF_TAG_LENS_MAKE * EXIF_TAG_LENS_MODEL * EXIF_TAG_LENS_SERIAL_NUMBER * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others. * CVE-2018-20030: Fix for recursion DoS (bsc#1120943) * CVE-2020-13114: Time consumption DoS when parsing canon array markers (bsc#1172121) * CVE-2020-13113: Potential use of uninitialized memory (bsc#1172105) * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes (bsc#1172116) * CVE-2020-0093: read overflow (bsc#1171847) * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs (bsc#1160770) * CVE-2020-12767: fixed division by zero (bsc#1171475) * CVE-2016-6328: fixed integer overflow when parsing maker notes (bsc#1171475) * CVE-2017-7544: fixed buffer overread (bsc#1059893) - removed patch: libexif-build-date.patch (done similar upstream) - CVE-2016-6328.patch: in upstream release - CVE-2017-7544.patch: in upstream release - libexif-CVE-2018-20030.patch: in upstream release - libexif-CVE-2019-9278.patch: in upstream release * Fri Jan 31 2020 Marcus Meissner <email@example.com> - libexif-CVE-2019-9278.patch: fixed an integer overflow on large file handling (bsc#1160770 CVE-2019-9278) - libexif-CVE-2018-20030.patch: Fixed a denial of service by endless recursion (bsc#1120943 CVE-2018-20030) * Wed Jan 24 2018 firstname.lastname@example.org - Remove %__-type macro indirections. Fix SRPM group. - Use %_smp_mflags for parallel build. - Drop pointless --with-pic (no effect since --disable-static). * Wed Jan 17 2018 email@example.com - Add CVE-2016-6328.patch: Fix integer overflow in parsing MNOTE entry data of the input file (bnc#1055857) - Add CVE-2017-7544.patch: Fix vulnerable out-of-bounds heap read vulnerability (bnc#1059893) * Mon Aug 07 2017 firstname.lastname@example.org - add a libexif-devel-biarch for building with -m32 * Tue Aug 26 2014 email@example.com - Add obsoletes/provides to baselibs.conf. * Fri May 30 2014 firstname.lastname@example.org - fix description to be UTF-8 * Mon May 26 2014 email@example.com - Do not include timestamps in files (libexif-build-date.patch) * Sun May 25 2014 firstname.lastname@example.org - Use LFS_CFLAGS in 32 bit systems. * Thu Jul 12 2012 email@example.com - updated to 0.6.21 * Fixed some buffer overflows in exif_entry_format_value() This fixes CVE-2012-2814. Reported by Mateusz Jurczyk of Google Security Team * Fixed an off-by-one error in exif_convert_utf16_to_utf8() This can cause a one-byte NUL write past the end of the buffer. This fixes CVE-2012-2840 * Don't read past the end of a tag when converting from UTF-16 This fixes CVE-2012-2813. Reported by Mateusz Jurczyk of Google Security Team * Fixed an out of bounds read on corrupted input The EXIF_TAG_COPYRIGHT tag ought to be, but perhaps is not, NUL-terminated. This fixes CVE-2012-2812. Reported by Mateusz Jurczyk of Google Security Team * Fixed a buffer overflow problem in exif_entry_get_value If the application passed in a buffer length of 0, then it would be treated as the buffer had unlimited length. This fixes CVE-2012-2841 * Fix a buffer overflow on corrupt EXIF data. This fixes bug #3434540 and fixes part of CVE-2012-2836 Reported by Yunho Kim * Fix a buffer overflow on corrupted JPEG data An unsigned data length might wrap around when decremented below zero, bypassing sanity checks on length. This code path can probably only occur if exif_data_load_data() is called directly by the application on data that wasn't parsed by libexif itself. This solves the other part of CVE-2012-2836 * Fixed some possible division-by-zeros in Olympus-style makernotes This fixes bug #3434545, a.k.a. CVE-2012-2837 Reported by Yunho Kim * lots and lots of translations updates. * added more Canon lenses. * changed "knots" to "nautical miles"
Generated by rpm2html 1.8.1
Fabrice Bellet, Tue Nov 9 10:07:50 2021