-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4618-1 security@xxxxxxxxxx https://www.debian.org/security/ Salvatore Bonaccorso February 06, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libexif CVE ID : CVE-2019-9278 Debian Bug : 945948 An out-of-bounds write vulnerability due to an integer overflow was reported in libexif, a library to parse EXIF files, which could result in denial of service, or potentially the execution of arbitrary code if specially crafted image files are processed. For the oldstable distribution (stretch), this problem has been fixed in version 0.6.21-2+deb9u1. For the stable distribution (buster), this problem has been fixed in version 0.6.21-5.1+deb10u1. We recommend that you upgrade your libexif packages. For the detailed security status of libexif please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libexif Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl48gb9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0RaQQ/+Ks1VwBoS6ylCfSseCTvrq4bsq3QCPJXWZ6YV2TkFZOHc4D6l52KKFvlZ aenjHIC7HJ6XgasxeBq/RUnmLvF3h0wVh4Ej2RZPYqrZKv43coJmpYYyT9RiRpQt CDWNLhRcvOzFx0HiQrVR16KJxYMIPDmhDR8jbCC9dGAPgSX8CmGNUCkiNFbSAbEu iFjQmAyhaAPMp/8LIkAQ3vT1TqH4bxRqXkQdoi+UiD8DJS/KN9DX1AopPCsLTdGH Bry+hIgkbhuEqW1sLNcXTjFYmA3UQvfQrtV0O+i30z03W0Ae64QiIZxyd/vuBpJh yeZxMVjmKhtOdSnh111l9PN3R232lw+3I3RMzapcXh+uj3kBrKKdOtuPrEoZbNU9 6GuzsxRaeLGWwqldCYKfHrlIBdFboCgcxSadmTSK+27rLsd6kMbIRb3tAcN9QVWT LNwNjMnddYo9bMfKls1kxT2ExsV4Uo8gynp1pUJk4twmYqbn690vDGWXGXpkZqpQ dkLoBYJzOig/4KzxA/T7CQ+W8hRfvov50VqRrnIp909VXHKktABXfwvkPgOBRC7a vChKdUajFO0ktUhkWWvUlua8iIPKOStWXA+HP9+cb3Svi2zk6ZSodgA12l+/SviJ 2FE5b+hzkxX2y3+mSFATqeURtCkur/4yEOA+eqeXrRBTIQ3Mskg= =q4iv -----END PGP SIGNATURE-----