-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 17 Apr 2026 07:48:04 -0300 Source: libexif Architecture: source Version: 0.6.25-1+deb13u1 Distribution: trixie Urgency: medium Maintainer: Debian PhotoTools Maintainers Changed-By: Emmanuel Arias Closes: 1131116 1133922 1133923 Changes: libexif (0.6.25-1+deb13u1) trixie; urgency=medium . * Team upload. * d/patches/CVE-2026-40386.patch Add patch for CVE-2026-40386. - An integer underflow in size checking for Fuji and Olympus MakerNote decoding could be used by attackers to crash or leak information out of libexif-using programs (Closes: #1133923). * d/patches/CVE-2026-40385.patch: Add patch for CVE-2026-40385. - An unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. (Closes: #1133922). * d/patches/CVE-2026-32775.patch: Add patch for CVE-2026-32775.patch. - If the exif_mnote_data_get_value function in MakerNotes gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow (Closes: #1131116). Checksums-Sha1: 43fdb88452e4fc0c7cfb39222cc90bf6cd450331 2127 libexif_0.6.25-1+deb13u1.dsc 55158cf229aa8bd9809398bfa489844d25bd4567 13744 libexif_0.6.25-1+deb13u1.debian.tar.xz c02dc31828a049b9a4931af183bc7385388cb36f 8971 libexif_0.6.25-1+deb13u1_amd64.buildinfo Checksums-Sha256: 807f8e0e2da5182d824808aa5a22e24c032be58ed951b23539d1c2aebb86b319 2127 libexif_0.6.25-1+deb13u1.dsc ad1b1a2555cc911f8e04a601f2edeb4987f71846c6c9e827d52d460ff4a4bccf 13744 libexif_0.6.25-1+deb13u1.debian.tar.xz 53d834624afa536057ae1d14645b1cd426220aab32a0c3fb7c515ae0d014d18e 8971 libexif_0.6.25-1+deb13u1_amd64.buildinfo Files: f1f8f65f9d33f869baa974f61e849d41 2127 libs optional libexif_0.6.25-1+deb13u1.dsc a7a8b3422ab1bee54f1afc4cecd04f45 13744 libs optional libexif_0.6.25-1+deb13u1.debian.tar.xz 64c8872e4342a79e7ea1a525a4223134 8971 libs optional libexif_0.6.25-1+deb13u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJGBAEBCgAwFiEEE3lnVbvHK7ir4q61+p3sXeEcY/EFAmn+W6ESHGVhbWFudUBk ZWJpYW4ub3JnAAoJEPqd7F3hHGPxMYEP/iJUaHbpYFcS7WvFo3queQznJlX2IUCM oXCMjkjHdAU/VhWZ35ADsm1qv+MkTkTi5VyJUCIfd11afHOSytVLrUuev1ErohZR R4igtUNxDJ3Xa5ZhZuACniaqneYQsnUYMHIVp8Xd6wDTwIRe6XU3XgvAP9SpMi5d L7tyrY2QlZOIhzdtk7yfgVuLVKZ+h8LJ6EEdoGzAUP8e7m8j7ENxAcK4ssoDCbno BlYNLV1HzgfPq6EhK1IDs/wDrx5EeGMr8WNT3FmVaz0h9zIsCAuOpyj7BNlfUFx0 Me/eR6r6Dk2chaNOzMvbCqh1pwQjAep2rzHeZENuZuNOtz855/MR2olSXdImkG/i q+V2HzmKwSBtFgBGbBkPp2WtcPyZZgL9rDk0Kjzo0+agQNl3NE2WYcXFPA/H4lLW yx+/aLpVMCX/SZTO+FIyjz5uQIZE0x+uCbHMKTqAnaazdBNheQm6ZxNenQI9qC/t MlxIkHDFm+mNEO1GplFQDwRPEQmQ0ztLJ6hGUgD8YgflJAIFiwdNoXhnn1pseZAi domQT7krudFfBRGiR9e1imvCiuVQ8ouWckg9njGY8nqAZFpDp3fVBEYzYa9akhoC UBcrxlEA/tkrWQJxEeJtOdR9WcRSbekLaoWhHMTsdTBetv+McE48ysXKZ+yupCdI M9pcDOtpOyHs =dQCP -----END PGP SIGNATURE-----