exiv2 (0.25-2.1ubuntu16.04.4) xenial-security; urgency=medium

   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2018-19107-19108-*.patch: add port of enforce()
       in src/enforce.hpp, use safe:add for preventing overflows in
       PSD files and enforce length of image resource
       section < file size in src/psdimage.cpp.
     - CVE-2018-19107
     - CVE-2018-19108
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2018-19535-*.patch: fixes in
       PngChunk::readRawProfile in src/pngchunk.cpp.
     - CVE-2018-19535
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13110.patch: avoid integer overflow
       in src/crwimage.cpp.
     - CVE-2019-13110
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13112.patch: add bound check
       on allocation size in src/pngchunk.cpp.
     - CVE-2019-13112
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13113.patch: throw an exception
       if the data location is invalid in src/crwimage.cpp,
       src/crwimage_int.hpp.
     - CVE-2019-13113
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2019-13114.patch: avoid null pointer
       exception due to NULL return from strchr in src/http.cpp.
     - CVE-2019-13114
   * Add error codes from src error in order to support CVE-2018-19535
     - debian/patches/0001-Added-error-codes-from-src-error.cpp-into-an-enumera.patch

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Wed, 10 Jul 2019 15:58:32 -0300

exiv2 (0.25-2.1ubuntu16.04.3) xenial-security; urgency=medium

   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-11591.patch: fix in
       include/exiv2/value.hpp.
     - CVE-2017-11591
   * SECURITY UPDATE: Remote denial of service
     - debian/patches/CVE-2017-11683.patch: fix in
       src/tiffvisitor.cpp.
     - CVE-2017-11683
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-14859_14862_14864.patch: fix in
       src/error.cpp, src/tiffvisitor.cpp.
     - CVE-2017-14859
     - CVE-2017-14862
     - CVE-2017-14864
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-17669.patch: fix in
       src/pngchunk.cpp.
     - CVE-2017-17669
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2017-9239.patch: fix in
       src/tiffcomposite.cpp.
     - CVE-2017-9239
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-2018-17581.patch: fix in
       src/crwimage.cpp.
     - CVE-2018-17581
   * SECURITY UPDATE: Denial of service
     - debian/patches/CVE-16336*.patch: fix in
       src/pngchunk.cpp.
     - CVE-2018-16336
  * Minor fix related to CVE-2018-10958_10999 in src/pngchunk.cpp.

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 08 Jan 2019 14:58:44 -0300

exiv2 (0.25-2.1ubuntu16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: denial of service through memory exhaustion
    and a heap-based buffer over-read
    - debian/patches/CVE-2018-10958_10999*.patch
    - CVE-2018-10958
    - CVE-2018-10999
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2018-10998.patch
    - CVE-2018-10998
  * SECURITY UPDATE: Heap-based buffer overflow
    - debian/patches/CVE-2018-11531*.patch
    - CVE-2018-11531
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-12264.patch
    - CVE-2018-12264
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-12265*.patch
    - CVE-2018-12265

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Fri, 29 Jun 2018 10:31:21 -0300

exiv2 (0.25-2.1ubuntu16.04.1) xenial; urgency=medium

  * SRU 0.25-3 to Ubuntu xenial (LP: #1584853)

  [ Norbert Preining ]
  * Fix crashes on Casio images files (upstream cherry pick) (Closes: #814051)
  * mention XMP in the description (Closes: #790784)

 -- Gianfranco Costamagna <locutusofborg@debian.org>  Tue, 28 Feb 2017 12:17:15 +0100

exiv2 (0.25-2.1) unstable; urgency=medium

  * Non-maintainer upload
  * Fix symbol files for amd64/mips64el/sparc64/sh4 (Closes: #799611).

 -- YunQiang Su <syq@debian.org>  Thu, 08 Oct 2015 14:39:02 +0800

exiv2 (0.25-2) unstable; urgency=medium

  * Update symbols files from buildds logs (0.25-1) (Closes: #794728) Thanks
    to Aaron M. Ucko.
  * Update symbols files.

 -- Maximiliano Curia <maxy@debian.org>  Thu, 06 Aug 2015 12:37:59 +0200

exiv2 (0.25-1) unstable; urgency=medium

  [ Pino Toscano ]
  * libexiv2-dev: stop again depending on pkg-config, as this is no more
    needed now (for real this time).

  [ Maximiliano Curia ]
  * New upstream release (0.25). (Closes: #789956)
  * Refresh patch: libtool_update.diff
  * Remove upstream applied patch: CVE-2014-9449.patch
  * Bump Standards-Version to 3.9.6, no changes needed.
  * Update copyright information.

 -- Maximiliano Curia <maxy@debian.org>  Wed, 05 Aug 2015 13:07:18 +0200

exiv2 (0.24-4.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add CVE-2014-9449.patch patch.
    CVE-2014-9449: buffer overflow in RiffVideo::infoTagsHandler
    Thanks to Klaus Ethgen <Klaus@Ethgen.de> (Closes: #773846)

 -- Salvatore Bonaccorso <carnil@debian.org>  Wed, 07 Jan 2015 20:25:48 +0100

exiv2 (0.24-4) unstable; urgency=medium

  * Team upload.
  * Upload to unstable. (See #732957)
  * Re-add the pkg-config dependency in libexiv2-dev, as there is still one
    source relying on it.

 -- Pino Toscano <pino@debian.org>  Fri, 05 Sep 2014 23:22:40 +0200

exiv2 (0.24-3) experimental; urgency=medium

  * Team upload.
  * Integrate 0.23-1.1 NMU (thanks Wookey).
  * Move the libjs-jquery, doxygen, graphviz build dependencies as
    Build-Depend-Indep, as they are needed in indep-build only.
  * Update libtool files for ppc64el. (Closes: #757412)

 -- Pino Toscano <pino@debian.org>  Thu, 28 Aug 2014 23:00:16 +0200

# For older changelog entries, run 'apt-get changelog libexiv2-14'