Subject: CVS commit: pkgsrc/graphics/libexif
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 05/13/2005 11:58:00
Module Name: pkgsrc
Committed By: salo
Date: Fri May 13 11:58:00 UTC 2005
Modified Files:
pkgsrc/graphics/libexif: Makefile buildlink3.mk distinfo
Added Files:
pkgsrc/graphics/libexif/patches: patch-ac
Log Message:
Security fix:
"Matthias Clasen has reported a vulnerability in libexif, which can be
exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to an infinite recursion in the
"exif_data_load_data_content()" function and can be exploited to
cause a stack overflow when parsing a specially crafted image.
Successful exploitation may crash an application linked against the
vulnerable library."
Bump PKGREVISION. Patch from:
http://sourceforge.net/tracker/index.php?func=detail&aid=1196787&group_id=12272&atid=112272
To generate a diff of this commit:
cvs rdiff -r1.24 -r1.25 pkgsrc/graphics/libexif/Makefile
cvs rdiff -r1.6 -r1.7 pkgsrc/graphics/libexif/buildlink3.mk
cvs rdiff -r1.14 -r1.15 pkgsrc/graphics/libexif/distinfo
cvs rdiff -r0 -r1.1 pkgsrc/graphics/libexif/patches/patch-ac
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.