[Pkg-kde-extras] exiv2 stable update for CVE-2008-2696
nion at debian.org
Thu Aug 7 23:12:05 UTC 2008
the following CVE (Common Vulnerabilities & Exposures) id was
published for exiv2 some time ago.
| Exiv2 0.16 allows user-assisted remote attackers to cause a denial of
| service (divide-by-zero and application crash) via a zero value in
| Nikon lens information in the metadata of an image, related to "pretty
| printing" and the RationalValue::toLong function.
Unfortunately the vulnerability described above is not important enough
to get it fixed via regular security update in Debian stable. It does
not warrant a DSA.
However it would be nice if this could get fixed via a regular point update.
Please contact the release team for this.
This is Debian bug #486328.
A patch can be found on:
This is an automatically generated mail, in case you are already working on an
upgrade this is of course pointless.
For further information:
Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-kde-extras/attachments/20080808/52f3d88b/attachment.pgp
More information about the pkg-kde-extras