Branches for Precise

Author: Emmanuel Bouthenot
Revision Date: 2012-01-27 20:34:17 UTC

[ Kees Cook ]

* debian/copyright: fix empty lines in multi-line section, add missing
  intended "license" lines, add missing BSD license for pt_BR.po.
* debian/libexif-dev.install:
  - use multiple lines instead of technically unsupported {}.
  - remove .la file, per release goal; there are no build dep using it.
* debian/{control,compat,*.install,rules}: build for Multi-Arch support
  (Closes: #650998)

[ Emmanuel Bouthenot ]

* Bump Standards-Version to 3.9.2
* Remove DMUA field (no more needed)
* Update debian/rules to enable usage of autotools_dev sequence with
  debhelper
* Switch debhelper compatibility to 9
* Update Vcs-Git and Vcs-Browser fields

Author: Marc Deslauriers
Revision Date: 2012-07-19 13:18:43 UTC

* SECURITY UPDATE: denial of service and possible info disclosure via
  corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
  - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
    NUL-terminated in libexif/exif-entry.c.
  - CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
  UTF-16 tag (LP: #1024213)
  - debian/patches/CVE-2012-2813.patch: don't read past the end of a
    tag when converting from UTF-16 in libexif/exif-entry.c.
  - CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
    libexif/exif-entry.c.
  - CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
    libexif/exif-data.c
  - CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2837.patch: fix some possible
    division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
  - CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2840.patch: fix off-by-one in
    libexif/exif-utils.c.
  - CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer size (LP: #1024213)
  - debian/patches/CVE-2012-2841.patch: validate buffer length in
    libexif/exif-entry.c.
  - CVE-2012-2841

Author: Marc Deslauriers
Revision Date: 2012-07-19 13:18:43 UTC

* SECURITY UPDATE: denial of service and possible info disclosure via
  corrupted EXIF_TAG_COPYRIGHT tag (LP: #1024213)
  - debian/patches/CVE-2012-2812.patch: fix reading tags that aren't
    NUL-terminated in libexif/exif-entry.c.
  - CVE-2012-2812
* SECURITY UPDATE: denial of service and possible info disclosure via
  UTF-16 tag (LP: #1024213)
  - debian/patches/CVE-2012-2813.patch: don't read past the end of a
    tag when converting from UTF-16 in libexif/exif-entry.c.
  - CVE-2012-2813
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2814.patch: fix buffer overflows in
    libexif/exif-entry.c.
  - CVE-2012-2814
* SECURITY UPDATE: denial of service and possible info disclosure via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2836.patch: fix buffer overflows in
    libexif/exif-data.c
  - CVE-2012-2836
* SECURITY UPDATE: denial of service via crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2837.patch: fix some possible
    division-by-zeros in libexif/olympus/mnote-olympus-entry.c.
  - CVE-2012-2837
* SECURITY UPDATE: denial of service and possible code execution via
  crafted tags (LP: #1024213)
  - debian/patches/CVE-2012-2840.patch: fix off-by-one in
    libexif/exif-utils.c.
  - CVE-2012-2840
* SECURITY UPDATE: denial of service and possible code execution via
  incorrect buffer size (LP: #1024213)
  - debian/patches/CVE-2012-2841.patch: validate buffer length in
    libexif/exif-entry.c.
  - CVE-2012-2841