Debian Bug report logs - #298464
libexif10: Vulnerable to buffer overflows

version graph

Package: libexif10; Maintainer for libexif10 is (unknown);

Reported by: Martin Pitt <>

Date: Mon, 7 Mar 2005 17:33:05 UTC

Severity: grave

Tags: patch, security

Fixed in version libexif/0.6.9-5

Done: Frederic Peters <>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to,, Frederic Peters <>:
Bug#298464; Package libexif10. Full text and rfc822 format available.

Acknowledgement sent to Martin Pitt <>:
New Bug report received and forwarded. Copy sent to, Frederic Peters <>. Full text and rfc822 format available.

Message #5 received at (full text, mbox):

From: Martin Pitt <>
To: Debian Bug Tracking System <>
Subject: libexif10: Vulnerable to buffer overflows
Date: Mon, 7 Mar 2005 18:26:32 +0100
[Message part 1 (text/plain, inline)]
Package: libexif10
Severity: grave
Tags: security patch
Justification: user security hole


libexif is vulnerable against some buffer overflows. Please see

for details. You can get the Ubuntu patch at



-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.11
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages libexif10 depends on:
ii  libc6                       2.3.2.ds1-20 GNU C Library: Shared libraries an

Martin Pitt             
Ubuntu Developer  
Debian GNU/Linux Developer
[signature.asc (application/pgp-signature, inline)]

Reply sent to Frederic Peters <>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Martin Pitt <>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at (full text, mbox):

From: Frederic Peters <>
Subject: Bug#298464: fixed in libexif 0.6.9-5
Date: Mon, 07 Mar 2005 13:17:17 -0500
Source: libexif
Source-Version: 0.6.9-5

We believe that the bug you reported is fixed in the latest version of
libexif, which is due to be installed in the Debian FTP archive:

  to pool/main/libe/libexif/libexif-dev_0.6.9-5_i386.deb
  to pool/main/libe/libexif/libexif10_0.6.9-5_i386.deb
  to pool/main/libe/libexif/libexif_0.6.9-5.diff.gz
  to pool/main/libe/libexif/libexif_0.6.9-5.dsc

A summary of the changes between this version and the previous one is

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
Frederic Peters <> (supplier of updated libexif package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing

Hash: SHA1

Format: 1.7
Date: Mon,  7 Mar 2005 18:56:31 +0100
Source: libexif
Binary: libexif10 libexif-dev
Architecture: source i386
Version: 0.6.9-5
Distribution: unstable
Urgency: high
Maintainer: Frederic Peters <>
Changed-By: Frederic Peters <>
 libexif-dev - library to parse EXIF files (development files)
 libexif10  - library to parse EXIF files
Closes: 298464
 libexif (0.6.9-5) unstable; urgency=high
   * Urgency high since it fixes a security issue.
   * Patch provided from Ubuntu by Martin Pitt, written by Sylvain Defresne.
   * libexif/exif-data.c: Add buffer size checks in several places before
     trying to access it. (closes: #298464)
   * Reference:
   * debian/control: reworded description synopsis.
 ea2a9569859ce74f1c07f58cc7bf9dac 579 libs optional libexif_0.6.9-5.dsc
 5c75af2ea0bac0cebc858b8ee596d5c7 4322 libs optional libexif_0.6.9-5.diff.gz
 593b699131a8b5469b0bd8ea73c4a7ff 66588 libdevel optional libexif-dev_0.6.9-5_i386.deb
 be542f3a7366f8c31379447f40a51754 80952 libs optional libexif10_0.6.9-5_i386.deb

Version: GnuPG v1.4.0 (GNU/Linux)


Bug unarchived. Request was from Stefano Zacchiroli <> to (Sun, 10 Apr 2011 08:46:04 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <> to (Mon, 09 May 2011 07:45:22 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.

Debian bug tracking system administrator <>. Last modified: Sun Apr 20 04:36:35 2014; Machine Name:

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.