Path: csiph.com!fu-berlin.de!bofh.it!news.nic.it!robomod From: Debian FTP Masters Newsgroups: linux.debian.changes Subject: Accepted libexif 0.6.24-1+deb12u1 (source) into oldstable-proposed-updates Date: Sat, 09 May 2026 10:40:02 +0200 Message-ID: X-Original-To: debian-changes@lists.debian.org X-Mailbox-Line: From debian-changes-request@lists.debian.org Sat May 9 08:35:01 2026 Old-Return-Path: X-Spam-Flag: NO X-Spam-Score: -110.39 X-Dak: dak process-policy X-Debian: DAK X-Debian-Package: libexif Debian: DAK Debian-Changes: libexif_0.6.24-1+deb12u1_source.changes Debian-Source: libexif Debian-Version: 0.6.24-1+deb12u1 Debian-Architecture: source Debian-Suite: oldstable-proposed-updates Debian-Archive-Action: accept MIME-Version: 1.0 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============3259895545830938291==" X-Debian-Message: from DAK Reply-To: debian-devel@lists.debian.org Mail-Followup-To: debian-devel@lists.debian.org X-Mailing-List: archive/latest/18341 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/E1wLd9A-000000039A3-2R6i@fasolo.debian.org Approved: robomod@news.nic.it Lines: 86 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Date: Sat, 09 May 2026 08:34:52 +0000 X-Original-Message-ID: Xref: csiph.com linux.debian.changes:13723 --===============3259895545830938291== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 20 Apr 2026 07:42:42 -0300 Source: libexif Architecture: source Version: 0.6.24-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian PhotoTools Maintainers Changed-By: Emmanuel Arias Closes: 1131116 1133922 1133923 Changes: libexif (0.6.24-1+deb12u1) bookworm; urgency=3Dmedium . * Team upload. * d/patches/CVE-2026-40386.patch Add patch for CVE-2026-40386. - An integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs (Closes: #1133923). * d/patches/CVE-2026-40385.patch: Add patch for CVE-2026-40385. - An unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. (Closes: #1133922). * d/patches/CVE-2026-32775.patch: Add patch for CVE-2026-32775.patch. - If the exif_mnote_data_get_value function in MakerNotes gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow (Closes: #1131116). Checksums-Sha1: 1b09676ca50532eb3d8d29ecfee6eb8d5ea06ffa 2136 libexif_0.6.24-1+deb12u1.dsc e7c156763b2a597ba687cd99a42f8ab47e9aa7ea 13356 libexif_0.6.24-1+deb12u1.debi= an.tar.xz a1469c59ab8918f9196e8b56a4a34addf2ef724f 9508 libexif_0.6.24-1+deb12u1_amd64= .buildinfo Checksums-Sha256: 966c6129c35f398ec868398e126496764c3afabe5f3ec3e8b7f1eba61144b4f6 2136 libexi= f_0.6.24-1+deb12u1.dsc ddf8224fe0d54ab840e2f85f4e0a219103079b043ec59ca6f900d7476927e613 13356 libex= if_0.6.24-1+deb12u1.debian.tar.xz 0e5bacca5d06dcc0c3abd5e17b8c8a643db0b960182b421218d8f490b9d3256d 9508 libexi= f_0.6.24-1+deb12u1_amd64.buildinfo Files: 74fa6801eed54778cb5f318d26cf65f2 2136 libs optional libexif_0.6.24-1+deb12u1= .dsc 4bd28e346babbc93a9175ae729853657 13356 libs optional libexif_0.6.24-1+deb12u= 1.debian.tar.xz ead7bbe9b28cf25de3489b29e4140a0c 9508 libs optional libexif_0.6.24-1+deb12u1= _amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEE3lnVbvHK7ir4q61+p3sXeEcY/EFAmn+YMYSHGVhbWFudUBk ZWJpYW4ub3JnAAoJEPqd7F3hHGPxUJkP+wTW/zj+KQlpM0fDaFIPbC6OtvDNvYLx ukv0ALvxyynnDcbLgEbkMe35WbH5P6Ciygw4DbjmlwjoFzw7OlFymos1HNlrjwZF yDfDzxC0zqHDsSi9aKBdq9AVsaw1HQQZV5zvTKRMExUCgtmGtwyNNr616+aKx00t WGUoqdYQiCpFYUZFF5kHa6Rpup9IUCAFKHjhKxOab8Fwv7H6zjE0T6Nwc9Ur7KHM 3APF08Vb32bwSzw/jfE/yTLDDo0FiNk4ZOlXjLzjnGNuHsi4mde78oR5w7DN+AmJ Fzw1/vWao2nh1djnT9g3I/Z70550/shmVwX4uV3WcVtg7UA+B9+kU7NpCcQEoLLk NMT39dLnUqnMJxUoHz66EV+7QoWMs4ISNROEm1/Ji/c1BTY0qGXCPHPtdypijn0k wWzj4HSEs5ETNUuUKYLRHvBXtiHtvQtC+CljTrMNBZwZOFJKhU6wPMpGg4loETFQ dO61PrM4Su4HE4MnzgKA1grlzJTBG2Y3Qe7merYnAYPck2MBxBw5NDOHhMmTeEY/ K8AR8m/NRQblP0aMWny/IAbDTuQBS32lb4Xq9TcMuRSVhX/skC+Mz0J8zUyWb/kl +yMbNlfmHpcT4lA7kxFzdnMuOZ6RpWoOUakglTVB84hLOmTDjaB1zrq7oJIDTtmL ZSsDQC3hp6LT =3D+DHZ -----END PGP SIGNATURE----- --===============3259895545830938291== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCaf7xrAAKCRCb9qggYcy5 IWEZAP0b25WwRornQ3+xzzxorFIpj9MDZZVWNBwZ8E0GrKx+SQD/TDRNUTMPYb4w jzdDa+WQZ3mkIkvyoYIHTfl/RnrnSA8= =LNgC -----END PGP SIGNATURE----- --===============3259895545830938291==--