-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 20 Apr 2026 07:42:42 -0300 Source: libexif Architecture: source Version: 0.6.24-1+deb12u1 Distribution: bookworm Urgency: medium Maintainer: Debian PhotoTools Maintainers Changed-By: Emmanuel Arias Closes: 1131116 1133922 1133923 Changes: libexif (0.6.24-1+deb12u1) bookworm; urgency=medium . * Team upload. * d/patches/CVE-2026-40386.patch Add patch for CVE-2026-40386. - An integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs (Closes: #1133923). * d/patches/CVE-2026-40385.patch: Add patch for CVE-2026-40385. - An unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. (Closes: #1133922). * d/patches/CVE-2026-32775.patch: Add patch for CVE-2026-32775.patch. - If the exif_mnote_data_get_value function in MakerNotes gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow (Closes: #1131116). Checksums-Sha1: 1b09676ca50532eb3d8d29ecfee6eb8d5ea06ffa 2136 libexif_0.6.24-1+deb12u1.dsc e7c156763b2a597ba687cd99a42f8ab47e9aa7ea 13356 libexif_0.6.24-1+deb12u1.debian.tar.xz a1469c59ab8918f9196e8b56a4a34addf2ef724f 9508 libexif_0.6.24-1+deb12u1_amd64.buildinfo Checksums-Sha256: 966c6129c35f398ec868398e126496764c3afabe5f3ec3e8b7f1eba61144b4f6 2136 libexif_0.6.24-1+deb12u1.dsc ddf8224fe0d54ab840e2f85f4e0a219103079b043ec59ca6f900d7476927e613 13356 libexif_0.6.24-1+deb12u1.debian.tar.xz 0e5bacca5d06dcc0c3abd5e17b8c8a643db0b960182b421218d8f490b9d3256d 9508 libexif_0.6.24-1+deb12u1_amd64.buildinfo Files: 74fa6801eed54778cb5f318d26cf65f2 2136 libs optional libexif_0.6.24-1+deb12u1.dsc 4bd28e346babbc93a9175ae729853657 13356 libs optional libexif_0.6.24-1+deb12u1.debian.tar.xz ead7bbe9b28cf25de3489b29e4140a0c 9508 libs optional libexif_0.6.24-1+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEE3lnVbvHK7ir4q61+p3sXeEcY/EFAmn+YMYSHGVhbWFudUBk ZWJpYW4ub3JnAAoJEPqd7F3hHGPxUJkP+wTW/zj+KQlpM0fDaFIPbC6OtvDNvYLx ukv0ALvxyynnDcbLgEbkMe35WbH5P6Ciygw4DbjmlwjoFzw7OlFymos1HNlrjwZF yDfDzxC0zqHDsSi9aKBdq9AVsaw1HQQZV5zvTKRMExUCgtmGtwyNNr616+aKx00t WGUoqdYQiCpFYUZFF5kHa6Rpup9IUCAFKHjhKxOab8Fwv7H6zjE0T6Nwc9Ur7KHM 3APF08Vb32bwSzw/jfE/yTLDDo0FiNk4ZOlXjLzjnGNuHsi4mde78oR5w7DN+AmJ Fzw1/vWao2nh1djnT9g3I/Z70550/shmVwX4uV3WcVtg7UA+B9+kU7NpCcQEoLLk NMT39dLnUqnMJxUoHz66EV+7QoWMs4ISNROEm1/Ji/c1BTY0qGXCPHPtdypijn0k wWzj4HSEs5ETNUuUKYLRHvBXtiHtvQtC+CljTrMNBZwZOFJKhU6wPMpGg4loETFQ dO61PrM4Su4HE4MnzgKA1grlzJTBG2Y3Qe7merYnAYPck2MBxBw5NDOHhMmTeEY/ K8AR8m/NRQblP0aMWny/IAbDTuQBS32lb4Xq9TcMuRSVhX/skC+Mz0J8zUyWb/kl +yMbNlfmHpcT4lA7kxFzdnMuOZ6RpWoOUakglTVB84hLOmTDjaB1zrq7oJIDTtmL ZSsDQC3hp6LT =+DHZ -----END PGP SIGNATURE-----