-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 20 Apr 2026 07:42:42 -0300 Source: libexif Binary: libexif-dev libexif12 libexif12-dbgsym Architecture: amd64 Version: 0.6.24-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Emmanuel Arias Description: libexif-dev - library to parse EXIF files (development files) libexif12 - library to parse EXIF files Closes: 1131116 1133922 1133923 Changes: libexif (0.6.24-1+deb12u1) bookworm; urgency=medium . * Team upload. * d/patches/CVE-2026-40386.patch Add patch for CVE-2026-40386. - An integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs (Closes: #1133923). * d/patches/CVE-2026-40385.patch: Add patch for CVE-2026-40385. - An unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. (Closes: #1133922). * d/patches/CVE-2026-32775.patch: Add patch for CVE-2026-32775.patch. - If the exif_mnote_data_get_value function in MakerNotes gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow (Closes: #1131116). Checksums-Sha1: 55b91f34bd3581f9c07448f476b276160f5b069c 103304 libexif-dev_0.6.24-1+deb12u1_amd64.deb 868e309a8af4800558c80b47d12e3d585056ced9 138760 libexif12-dbgsym_0.6.24-1+deb12u1_amd64.deb 3851dff2900a8fbd05ab529f5b37c1a7b7a8006f 396604 libexif12_0.6.24-1+deb12u1_amd64.deb 23a9455ad1f70f72daea783cad8e30c1f197ac9a 8768 libexif_0.6.24-1+deb12u1_amd64-buildd.buildinfo Checksums-Sha256: 180aff025c6a2fc9a5e80c79565f97d473280f5dbb28be6db0947c748aaa2e35 103304 libexif-dev_0.6.24-1+deb12u1_amd64.deb 16434dd32e72a4d063786b062f32c11f1d5ec6398fcd728c584edde39092768d 138760 libexif12-dbgsym_0.6.24-1+deb12u1_amd64.deb 93889c7fd57bcb0311209f983704373f5f8eb8395b05efd1169dc133adc7beb9 396604 libexif12_0.6.24-1+deb12u1_amd64.deb 4c8edf3e7f2666832375a4bec751df308c60d4ba027b03a11a68c56572e34f60 8768 libexif_0.6.24-1+deb12u1_amd64-buildd.buildinfo Files: b5b6dc0dacb3e9052f3bde61b2897c23 103304 libdevel optional libexif-dev_0.6.24-1+deb12u1_amd64.deb efa148ceccd70a1baf9e539afdd1393e 138760 debug optional libexif12-dbgsym_0.6.24-1+deb12u1_amd64.deb f90f4c5df938ba29a9b1fc7f52a80b8c 396604 libs optional libexif12_0.6.24-1+deb12u1_amd64.deb 0745a305e55161648b9aaddda0ffe7bb 8768 libs optional libexif_0.6.24-1+deb12u1_amd64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEmtr4KUMaso2EQ6NrTwt/65ON6zcFAmn/FUAACgkQTwt/65ON 6ze29A/+IAsSNF/7KAJ8BedKRvd0z/WkjsVWHHVl8IqUD8h7KKVqvXajFVr7a8qz 6zeX1+BiiNGfBSxd6JbSF2afGxZ82z5MpQ2H1tR986q8YKLaH+ay9gGAPVAzEMof kqLTQy9i4R03n9HZYHknbBOKNJ9IFf/KNriKYMpiJt76n4MiU+6wTVkCc38FCOWB Y0t1wrrBJUau5l6c7H8g0Ub87Ez3aEz7tBwQppx56sULjd/aMGYf13ZYdPC8DfQe /M98uaT9Lfp0ghcJDZEsOOtXzjVwyz+r3enZ8EK+z/rKfWGEuNrMoP5v6KJ+37fr SuJzDx2sYRxP091VUvarYhaUVtyb+R0LAkGeft+jVrS2U+yvWdFrivcDWruVOCOr GqRGfavG/OZKNjIcGxmtnG4p4bb/qtEFyKQU2Hq/vEMKaWeam4q9o3o1+gQnTbbd OQn8PwoT9CEhM4ZPzVpbdSq7t/NS1xyKP7eio6X+dsX8rVipzziRMhDqtsB3QbPl AiCZHW80oRQH3PDLgpvVNlBVRRAhOM0m5YBtfou/hSQp+FPyQpUZGYl+XYz2TILL kY5OkUvCS9B7yov0jOVFbIOXmtNO0KW5Jl/Ie6WQT+Zp6vrG00KrRd7bj+Y1ky7+ vESEu58/0EInalLtuvq8ux3eW8N6mHQCbml2n75EEwwNmxTOimE= =m2j1 -----END PGP SIGNATURE-----