Accepted exempi 2.5.0-2+deb10u1 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted exempi 2.5.0-2+deb10u1 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 24 Sep 2023 20:40:21 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: exempi_2.5.0-2+deb10u1_source.changes
- Debian-source: exempi
- Debian-suite: oldoldstable
- Debian-version: 2.5.0-2+deb10u1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=StJuL1y3lCqNbUvkzbKBc/7af31fOMayb1PWij+0IT4=; b=OBnn2fA/LTIuJNPmhVsHmwojhK wyWi9hDFFI1slttlwNywC5FGLjuwz8Pq/AZGOiIg8+Ednw5qe8TFKQs67Zi2GzvTUOcZdMO44/ppH sg8gq4cfntnJEjmrkhPn6hMf4zlpqfoisnus7vMUGso6YymedSDNl+YqGnw2IW8DfpklwGUOVmPRb zGFvHTa5zGFD6/cJndAmqEn4gobmaEFVk00goEwGk5Dw0dJtCCGkq3tmG0n57Fsd+2cQB6qMMJMBp 1XxD3B+6aQ+WvBa9Z94A12GXbm//F70d2iYKuNnkqWlJbCxXs+0mOJSWONtNf77ox1yz02T9wQnGM AR8cTxLQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qkVtt-00EtQn-Tw@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 24 Sep 2023 16:28:18 +0000
Source: exempi
Architecture: source
Version: 2.5.0-2+deb10u1
Distribution: buster-security
Urgency: medium
Maintainer: Michael Biebl <biebl@debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
exempi (2.5.0-2+deb10u1) buster-security; urgency=medium
.
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2020-18651: A Buffer Overflow vulnerability
in function ID3_Support::ID3v2Frame::getFrameValue
allows remote attackers to cause a denial of service
* Fix CVE-2020-18652: A Buffer Overflow vulnerability in
WEBP_Support.cpp allows remote attackers to cause a
denial of service
* Fix as per bulletin APSB21-65:
- CVE-2021-36045: an out-of-bounds read vulnerability
that could lead to disclosure of arbitrary memory.
- CVE-2021-36046: a memory corruption vulnerability,
potentially resulting in arbitrary code execution
in the context of the current use
- CVE-2021-36047: an Improper Input Validation
vulnerability potentially resulting in arbitrary
code execution in the context of the current use
- CVE-2021-36048: Improper Input Validation
vulnerability potentially resulting in arbitrary
code execution in the context of the current user
- CVE-2021-36050: a buffer overflow vulnerability
potentially resulting in arbitrary code execution
in the context of the current user
- CVE-2021-36051: a buffer overflow vulnerability
potentially resulting in arbitrary code execution
in the context of the current user
- CVE-2021-36052: a memory corruption vulnerability,
potentially resulting in arbitrary code execution
in the context of the current user
- CVE-2021-36053: an out-of-bounds read vulnerability
that could lead to disclosure of arbitrary memory
- CVE-2021-36054: a buffer overflow vulnerability potentially
resulting in local application denial of service
- CVE-2021-36055: a use-after-free vulnerability that could
result in arbitrary code execution
- CVE-2021-36056: a buffer overflow vulnerability potentially
resulting in arbitrary code execution in the context of
the current user.
- CVE-2021-36057: a write-what-where condition vulnerability
caused during the application's memory allocation process.
This may cause the memory management functions to become
mismatched resulting in local application denial of service
in the context of the current user.
- CVE-2021-36058: an Integer Overflow vulnerability potentially
resulting in application-level denial of service in the
context of the current user.
- CVE-2021-36064: a Buffer Underflow vulnerability which
could result in arbitrary code execution in the context
of the current user
- CVE-2021-39847: a stack-based buffer overflow vulnerability
potentially resulting in arbitrary code execution in the
context of the current user.
Checksums-Sha1:
e3b1ebb120bce4451cbe30343db2bd1ee0d0b356 2019 exempi_2.5.0-2+deb10u1.dsc
2461c1149187350c1b174e23b188e7884a32ec66 3658187 exempi_2.5.0.orig.tar.bz2
0bfcaa4448dbb1468bfda2fba623c45e1d842dc3 24764 exempi_2.5.0-2+deb10u1.debian.tar.xz
5a6893e0e54255c9db6aa9ff76620fe721ac2b57 6859 exempi_2.5.0-2+deb10u1_amd64.buildinfo
Checksums-Sha256:
11eaf44dd0dffd2297eb7ee71539747ea1a512fc90fe995b9644260c671aa87a 2019 exempi_2.5.0-2+deb10u1.dsc
dc82fc24c0540a44a63fa4ad21775d24e00e63f1dedd3e2ae6f7aa27583b711b 3658187 exempi_2.5.0.orig.tar.bz2
f21789861ed70f67a28f3f55b07fc8c320c6520ac0a9e780de617272ad4b13e5 24764 exempi_2.5.0-2+deb10u1.debian.tar.xz
43179da11ea590f3b4ca7dfe940ed4aea84f1bc1270cb4d23ed8dfe6cdb49744 6859 exempi_2.5.0-2+deb10u1_amd64.buildinfo
Files:
57367ff0c0fefdaac717c27362f7af96 2019 libs optional exempi_2.5.0-2+deb10u1.dsc
e0976661e4a09b6206228c8b8b447b53 3658187 libs optional exempi_2.5.0.orig.tar.bz2
dab78a617ec80049be71cff7da62691b 24764 libs optional exempi_2.5.0-2+deb10u1.debian.tar.xz
3e1476e47f63f61a716963fd91943142 6859 libs optional exempi_2.5.0-2+deb10u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEEXQGHuUCiRbrXsPVqADoaLapBCF8FAmUQm/oRHHJvdWNhQGRl
Ymlhbi5vcmcACgkQADoaLapBCF/jtQ//dWmMKIEGo2JpMdUF4Dwq5KL2Hanghfkv
k5055NKoYQ/9LRJmvlJuAeTcHeSQ9rD5X55IjpNtBFZ4KNZYcMYXVXOVd2IDRcyV
VK+g+6osK5m5+iqUMio8hWFHAU2rCN4IAHjJlUweD6VrLzCzckUB/zpsGwyRq2fd
WUqBkheglUYi99CEeO6g8BvFXDs3ZMEeNe2+ospcEuxYRCbUoRALD73k7QdfSAqF
CI5NojkLBnmZi9/ZPiufPHBB0u4UsF4XVhL47DU+l/GSag55Do63ikf250yCQ2j3
a72/Ml16+qsbqWAk66beTyrEyGGm3Nx/oJI42PPGTZYnuzy2rM9JoOKtyILItU0R
I5fo6IhaK8QL7jzbL4bOoq4jm+v0vBTujZQtdDqIDQYuqUVQWlWCoEbTCZhJ2y0q
rbPXjaioFX7SMa0UgUR5bCa7V9VRycHdGkRH97rpJZQb3ZphBZI6vDQLtIFSUtSg
QPEy2gyNXX+PxqhylWE+1+usHzhN9ci0tDZMQBklcvtsf9ly1lNHzq4VNdanxQ1R
eoSfZxBNpuTtmbsL50JwB+Kt8mhB7cMusQtdEvGqhtxnjyM5nE1XmohUvmi/i8/g
iU0mJF3Tb5A7ueCq5ouqj2OPt62i/tHJMKD34ZUkAlEFbePJEcoznkPBxJPSnBWV
xWEeNsaqgsM=
=4h+q
-----END PGP SIGNATURE-----