exempi (2.2.1-1ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: integer overflow in RIFF.cpp - debian/patches/CVE-2017-18233.patch: fix overflow in source/XMPFiles/FormatSupport/RIFF.cpp. - CVE-2017-18233 * SECURITY UPDATE: DoS via pdf file with JPEG data - debian/patches/CVE-2017-18234.patch: fix error handling and replace memcpy in public/include/XMP_Const.h, public/include/client-glue/WXMP_Common.hpp, source/XMPFiles/FormatSupport/TIFF_MemoryReader.cpp, source/XMPFiles/FormatSupport/TIFF_Support.hpp, source/common/XMP_LibUtils.hpp. - Thanks to Debian for the backport! - CVE-2017-18234 * SECURITY UPDATE: infinite loop via a crafted asf file - debian/patches/CVE-2017-18236.patch: check size in source/XMPFiles/FormatSupport/ASF_Support.cpp. - CVE-2017-18236 * SECURITY UPDATE: infinite loop via XMP data in qt file - debian/patches/CVE-2017-18238.patch: exit loop in source/XMPFiles/FormatSupport/QuickTime_Support.cpp. - CVE-2017-18238 * SECURITY UPDATE: heap-based buffer over-read in the MD5Update() - debian/patches/CVE-2018-7728.patch: check dataLen in source/XMPFiles/FileHandlers/TIFF_Handler.cpp. - CVE-2018-7728 * SECURITY UPDATE: buffer over-read in CacheFileData() - debian/patches/CVE-2018-7730.patch: check dataLen in source/XMPFiles/FormatSupport/PSIR_FileWriter.cpp. - CVE-2018-7730 -- Marc Deslauriers Thu, 31 May 2018 13:48:18 -0400 exempi (2.2.1-1ubuntu1) saucy; urgency=low * Build using autoreconf. -- Matthias Klose Wed, 09 Oct 2013 20:20:24 +0200 exempi (2.2.1-1) unstable; urgency=low * Remove Asheesh from Maintainer and move myself from Uploaders to Maintainer. Thanks Asheesh! * New upstream release. * Use --list-missing to show uninstalled files. * Bump Standards-Version to 3.9.4. No further changes. * Add a new binary package exempi, which contains the exempi command line utility. -- Michael Biebl Sun, 30 Jun 2013 08:02:39 +0200 exempi (2.2.0-1) unstable; urgency=low * New upstream release. * Switch to source format 3.0 (quilt) - Add debian/source/format. - Drop Build-Depends on quilt. - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk include. - Remove debian/README.source. * Move from cdbs to dh - Drop Build-Depends on cdbs. - Bump Build-Depends on debhelper to (>= 7.0.50~) for override targets. - Convert debian/rules to use dh. * Bump Standards-Version to 3.9.2. No further changes. * Don't use brace expansion in .install files. * Bump shlibs due to API additions. * Bump debhelper compatibility level to 9, which enables hardening build flags and multiarch support. * Mark libexempi3, libexempi3-dev and libexempi-dev as Multi-Arch: same. -- Michael Biebl Wed, 22 Feb 2012 14:57:56 +0100 exempi (2.1.1-1) unstable; urgency=low * New upstream release. * debian/control - Bump Standards-Version to 3.8.2. No further changes. - Change section of libexempi3-dbg to debug. * debian/rules - Remove DEB_DH_INSTALL_SOURCEDIR, no longer required with debhelper v7 compat mode. * debian/patches/01-gcc_4.4_missing_includes.patch - Removed, merged upstream. -- Michael Biebl Wed, 01 Jul 2009 15:28:19 +0200 exempi (2.1.0-3) unstable; urgency=low * Merge changes from experimental branch. * debian/compat - Bump to debhelper v7 compat mode. * debian/control - Bump Build-Depends on debhelper to (>= 7). -- Michael Biebl Mon, 16 Feb 2009 00:44:01 +0100 exempi (2.1.0-2) experimental; urgency=low * debian/control - Update Vcs-* headers. Package is now managed with Git on git.debian.org. -- Michael Biebl Wed, 28 Jan 2009 21:27:36 +0100 exempi (2.1.0-1) experimental; urgency=low * New upstream release. * debian/control - Add Build-Depends on zlib1g-dev. - Add ${misc:Depends} to all binary packages. * debian/patches/01-gcc_4.4_missing_includes.patch - Refreshed and updated to the latest code changes. * debian/libexempi3.shlibs - Add shlibs file and set it to (>= 2.1.0) due to API additions. -- Michael Biebl Sun, 28 Dec 2008 21:56:13 +0100 exempi (2.0.2-2) unstable; urgency=low * Switch patch management system to quilt. * debian/control - Add Build-Depends on quilt. * debian/rules - Include patchsys-quilt.mk cdbs rules file. * debian/README.source - Document the usage of quilt as patch management system and refer to the quilt documentation for further information. * debian/patches/01-gcc_4.4_missing_includes.patch - Add missing includes to fix FTBFS with GCC 4.4. (Closes: 504944) Thanks to Martin Michlmayr for the patch. -- Michael Biebl Sat, 08 Nov 2008 15:30:52 +0100 exempi (2.0.2-1) unstable; urgency=low * New upstream release. * debian/control - Bump Standards-Version to 3.8.0. No further changes. -- Michael Biebl Sun, 24 Aug 2008 01:27:18 +0200 exempi (2.0.1-1) unstable; urgency=low * New upstream release. * debian/libexempi-dev.install - No longer install the libtool *.la file. -- Michael Biebl Tue, 29 Apr 2008 03:50:56 +0200 exempi (2.0.0-1) unstable; urgency=low * New upstream release. -- Michael Biebl Wed, 02 Apr 2008 06:21:58 +0200 exempi (1.99.9-1) unstable; urgency=low * New upstream release. * debian/control - Remove leading article from short package description. -- Michael Biebl Sat, 02 Feb 2008 04:54:26 +0100 exempi (1.99.8-1) unstable; urgency=low * New upstream release. * debian/patches/01-configure_unittest.patch - Removed, merged upstream. * debian/patches/02-buffer_overflow_gif_header.patch - Removed, merged upstream. -- Michael Biebl Sat, 26 Jan 2008 21:45:01 +0100 exempi (1.99.7-1) unstable; urgency=medium * New upstream release. - Adds missing #includes which fixes FTBFS with GCC 4.3. (Closes: #456087) * debian/control - Bump Standards-Version to 3.7.3. No further changes required. - Drop Build-Depends on libboost-dev. - Make the -dbg package be Priority: extra. * debian/rules - Disable compilation of the unit tests. * debian/patches/01-configure_unittest.patch - Make compilation of the unit tests (which require boost) optional. Patch is pulled from upstream git. * debian/patches/02-buffer_overflow_gif_header.patch - Fix a buffer overflow in the ReadHeader() function when reading GIF images. This poses a security risk as it allows arbitrary code execution. Upload with urgency medium. (Closes: #454297) Thanks to Sjoerd Simons for the help tracking this bug down. -- Michael Biebl Thu, 24 Jan 2008 01:39:45 +0100 exempi (1.99.5-1) unstable; urgency=low * New upstream release. * debian/control - Use the new "Homepage:" field to specify the upstream URL. - The Vcs-* fields are now officially supported, so remove the XS- prefix. * SONAME bump as ABI has changed. Rename package libexempi2 to libexempi3. -- Michael Biebl Wed, 07 Nov 2007 15:29:59 +0100 exempi (1.99.4-1) unstable; urgency=low * New upstream release. -- Michael Biebl Sun, 26 Aug 2007 00:18:41 +0200 exempi (1.99.3-1) unstable; urgency=low * Initial release. (Closes: #438166) -- Asheesh Laroia Wed, 15 Aug 2007 05:20:40 +0200