-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 20 Apr 2026 07:42:42 -0300 Source: libexif Binary: libexif-doc Architecture: all Version: 0.6.24-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Emmanuel Arias Description: libexif-doc - library to parse EXIF files (documentation) Closes: 1131116 1133922 1133923 Changes: libexif (0.6.24-1+deb12u1) bookworm; urgency=medium . * Team upload. * d/patches/CVE-2026-40386.patch Add patch for CVE-2026-40386. - An integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs (Closes: #1133923). * d/patches/CVE-2026-40385.patch: Add patch for CVE-2026-40385. - An unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. (Closes: #1133922). * d/patches/CVE-2026-32775.patch: Add patch for CVE-2026-32775.patch. - If the exif_mnote_data_get_value function in MakerNotes gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow (Closes: #1131116). Checksums-Sha1: 561ec46c92117dfefdb987f7b6286c77e3fcae25 325204 libexif-doc_0.6.24-1+deb12u1_all.deb a3687512e2dfd804a1b78c84892dc1da96d1e29b 8180 libexif_0.6.24-1+deb12u1_all-buildd.buildinfo Checksums-Sha256: 2cf0e3dde79b39d72909068ed666c12402a2d2ce1d21c805c59c5fe96eca41c1 325204 libexif-doc_0.6.24-1+deb12u1_all.deb 5cc15ebea95ddc4c7130641625ba9e2e59b347248ccd8843d467b4906380e6fa 8180 libexif_0.6.24-1+deb12u1_all-buildd.buildinfo Files: 68a7a38e6b64c3341416c6fc52b1a597 325204 doc optional libexif-doc_0.6.24-1+deb12u1_all.deb 0c0e0a6a6cb5fa07c14c01dbf97379fb 8180 libs optional libexif_0.6.24-1+deb12u1_all-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE81O8NL+3kjBAqEvLmgPNRvTf/zcFAmn/E4IACgkQmgPNRvTf /ze0VQ/+KfqaBOYN6wqHiE3u3sZ2yUG1L9wR5ZdRksQtvAeXIETvQNyIfocufknX nW1LYx5XjgM3JOzxssQ3zk4NFZg8XodedxLTbprzv5yzjZRPKnJikFbrPC0VnYIB YDSKbppsvPS/XpJxQB+BCdRsdgdwCPeTeyOGeQIB3zjrkTWQdpw38es31J1Me/yO Z0SmRU9hTXmh3CoR10CnP79VF274WLOH4qhZt2UxkC076rJAwPdeZyw5exUCqK4A 99YxF5GxjrDcDMnYYKrEeSSx1AEAL40kOgeUPekuYuKszO93LdQ8SXYmYl0Q4z6l 9FZXzzzLGRKO9xiU12Ft92tHUpHy4UVvxeU1JhuCdKd9wBijJ0qbo1RN989wgoyM olmdTupTlY27lf5g7eO9oMRTsrsWvqrANIvzOae1IccSJCnMRi4f/0fWRNV12lJ9 ap6vI/kkNKlgJNEcvunnw+NRppYye581sZ9mXcF4JUgwCE4YpSP/RvTaMyzwrIIW YFFtOtSdZ59g/pXRt5wstaF+EZRNEB5gHYxFiCxkiODDBVlitFHkb0MOZ5Qc0inb 1rJM5cCu+ctwDO20I0Q0WPnVvdB3n6AudPfFUjd1AWDN/SqP+qACqxxxQnRj71tP MgpzX6aafXlTlgBDNUSln53PE0QKoRReGw+7gvHttfV2NaMH6h8= =YlvO -----END PGP SIGNATURE-----