From 844d9be6fddaf5c16f50d926234579bd73d1c33b Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Sun, 17 May 2020 18:33:19 +0200 Subject: [PATCH] first update --- NEWS | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index f1528c1..9a7a802 100644 --- a/NEWS +++ b/NEWS @@ -3,7 +3,28 @@ libexif-0.6.x: * Updated translations for most languages * Fixed C89 compatibility * Fixed warnings on recent versions of autoconf - * Fix for recursion DoS CVE-2018-20030 + * Some useful EXIF 2.3 tag added: + * EXIF_TAG_GAMMA + * EXIF_TAG_COMPOSITE_IMAGE + * EXIF_TAG_SOURCE_IMAGE_NUMBER_OF_COMPOSITE_IMAGE + * EXIF_TAG_SOURCE_EXPOSURE_TIMES_OF_COMPOSITE_IMAGE + * EXIF_TAG_GPS_H_POSITIONING_ERROR + * EXIF_TAG_CAMERA_OWNER_NAME + * EXIF_TAG_BODY_SERIAL_NUMBER + * EXIF_TAG_LENS_SPECIFICATION + * EXIF_TAG_LENS_MAKE + * EXIF_TAG_LENS_MODEL + * EXIF_TAG_LENS_SERIAL_NUMBER + * Lots of fixes exposed by fuzzers like AFL, ClusterFuzz, OSSFuzz and others. + * CVE-2018-20030: Fix for recursion DoS + * CVE-2020-13114: Time consumption DoS when parsing canon array markers + * CVE-2020-13113: Potential use of uninitialized memory + * CVE-2020-13112: Various buffer overread fixes due to integer overflows in maker notes + * CVE-2020-0093: read overflow + * CVE-2019-9278: replaced integer overflow checks the compiler could optimize away by safer constructs + * CVE-2020-12767: fixed division by zero + * CVE-2016-6328: fixed integer overflow when parsing maker notes + * CVE-2017-7544: fixed buffer overread libexif-0.6.21 (2012-07-12): * New translations: en_AU, uk -- 2.7.4