Bug#1134478: bookworm-pu: package libexif/0.6.24-1+deb12u1
Emmanuel Arias
eamanu at debian.org
Mon Apr 20 18:27:00 BST 2026
Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: libexif at packages.debian.org, eamanu at debian.org
Control: affects -1 + src:libexif
User: release.debian.org at packages.debian.org
Usertags: pu
[ Reason ]
This update attempts to fix all open CVEs for libexif.
[ Impact ]
If the update isn't approved, users will continue to be vulnerable to
CVE-2026-40386, CVE-2026-40385, CVE-2026-32775. Bullseye
users upgrading to Trixie will become vulnerable again.
[ Tests ]
Issues affect specific hardware
[ Risks ]
All the changes are minor and the code is easy to read.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
CVE-2026-40386: fix an integer underflow in a size check.
CVE-2026-40385: Add a check to avoid overflow on systems with
32-bit unsigned int size_t.
CVE-2026-32775: Fix an integer underflow in
mnote_pentax_entry_get_values(). This patch adds a check
to verify that maxlen is at least 1.