exempi (2.5.0-2+deb10u1) buster-security; urgency=medium

  * Non-maintainer upload by the LTS Security Team.
  * Fix CVE-2020-18651: A Buffer Overflow vulnerability
    in function ID3_Support::ID3v2Frame::getFrameValue
    allows remote attackers to cause a denial of service
  * Fix CVE-2020-18652: A Buffer Overflow vulnerability in
    WEBP_Support.cpp allows remote attackers to cause a
    denial of service
  * Fix as per bulletin APSB21-65:
    - CVE-2021-36045: an out-of-bounds read vulnerability
      that could lead to disclosure of arbitrary memory.
    - CVE-2021-36046: a memory corruption vulnerability,
      potentially resulting in arbitrary code execution
      in the context of the current user
    - CVE-2021-36047: an Improper Input Validation
      vulnerability potentially resulting in arbitrary
      code execution in the context of the current user
    - CVE-2021-36048: Improper Input Validation
      vulnerability potentially resulting in arbitrary
      code execution in the context of the current user
    - CVE-2021-36050: a buffer overflow vulnerability
      potentially resulting in arbitrary code execution
      in the context of the current user
    - CVE-2021-36051: a buffer overflow vulnerability
      potentially resulting in arbitrary code execution
      in the context of the current user
    - CVE-2021-36052: a memory corruption vulnerability,
      potentially resulting in arbitrary code execution
      in the context of the current user
    - CVE-2021-36053: an out-of-bounds read vulnerability
      that could lead to disclosure of arbitrary memory
    - CVE-2021-36054: a buffer overflow vulnerability potentially
      resulting in local application denial of service
    - CVE-2021-36055: a use-after-free vulnerability that could
      result in arbitrary code execution
    - CVE-2021-36056: a buffer overflow vulnerability potentially
      resulting in arbitrary code execution in the context of
      the current user.
    - CVE-2021-36057: a write-what-where condition vulnerability
      caused during the application's memory allocation process.
      This may cause the memory management functions to become
      mismatched resulting in local application denial of service
      in the context of the current user.
    - CVE-2021-36058: an Integer Overflow vulnerability potentially
      resulting in application-level denial of service in the
      context of the current user.
    - CVE-2021-36064: a Buffer Underflow vulnerability which
      could result in arbitrary code execution in the context
      of the current user
    - CVE-2021-39847: a stack-based buffer overflow vulnerability
      potentially resulting in arbitrary code execution in the
      context of the current user.

 -- Bastien Roucariès <rouca@debian.org>  Sun, 24 Sep 2023 16:28:18 +0000

exempi (2.5.0-2) unstable; urgency=medium

  * Upload to unstable

 -- Michael Biebl <biebl@debian.org>  Wed, 09 Jan 2019 16:22:23 +0100

exempi (2.5.0-1) experimental; urgency=medium

  * New upstream version 2.5.0
    - CVE-2018-12648: fix null-pointer-dereference in WEBP_Support.
  * Drop unaligned-access.patch, applied upstream
  * Rename library package for 3 → 8 soname bump
  * Use debhelper-compat (= 12) Build-Depends and drop debian/compat
  * Bump Standards-Version to 4.3.0
  * Bump shlibs version to 2.5.0

 -- Michael Biebl <biebl@debian.org>  Mon, 07 Jan 2019 00:02:56 +0100

exempi (2.4.5-2) unstable; urgency=medium

  * Team upload

  [ Steve Langasek ]
  * Add debian/patches/unaligned-access.patch: use alignment-safe copy on
    ARM on Linux, not just on iOS.

 -- Jeremy Bicha <jbicha@debian.org>  Sun, 18 Mar 2018 21:00:07 -0400

exempi (2.4.5-1) unstable; urgency=medium

  * New upstream version 2.4.5 with various CVE fixes. (Closes: #892782)
    - CVE-2018-7730: fix a buffer overflow in the PSD parser.
    - CVE-2018-7728: fix a buffer overflow in the TIFF parser.
    - CVE-2018-7729: fix a buffer overflow in PostScript parser.
    - CVE-2018-7731: fix a null dereference in WEBP parser.
  * Enable all hardening build flags

 -- Michael Biebl <biebl@debian.org>  Wed, 14 Mar 2018 14:36:25 +0100

exempi (2.4.4-1) unstable; urgency=medium

  * New upstream version 2.4.4

 -- Michael Biebl <biebl@debian.org>  Mon, 05 Feb 2018 01:34:15 +0100

exempi (2.4.3-2) unstable; urgency=medium

  * Set Rules-Requires-Root to no
  * Update Vcs-* to point to salsa.debian.org (gitlab)
  * Bump Standards-Version to 4.1.3
  * Bump debhelper compat level to 11
  * Switch to dh_missing and abort on uninstalled files

 -- Michael Biebl <biebl@debian.org>  Sun, 14 Jan 2018 19:32:53 +0100

exempi (2.4.3-1) unstable; urgency=medium

  * New upstream version 2.4.3
  * Bump Standards-Version to 4.0.0

 -- Michael Biebl <biebl@debian.org>  Tue, 08 Aug 2017 20:22:26 +0200

exempi (2.4.2-1) unstable; urgency=medium

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Sat, 04 Feb 2017 01:07:11 +0100

exempi (2.4.1-1) unstable; urgency=medium

  * New upstream release
  * Update Vcs-* according to the latest recommendation

 -- Michael Biebl <biebl@debian.org>  Mon, 23 Jan 2017 23:53:38 +0100

exempi (2.4.0-1) unstable; urgency=medium

  * New upstream release.
  * Bump debhelper compat level to 10
  * Bump Standards-Version to 3.9.8
  * Bump shlibs version to 2.4.0

 -- Michael Biebl <biebl@debian.org>  Mon, 09 Jan 2017 00:19:27 +0100

exempi (2.3.0-2) unstable; urgency=medium

  * Run wrap-and-sort -at.
  * Bump shlibs version to 2.3.0 for the new API that was added.

 -- Michael Biebl <biebl@debian.org>  Sun, 20 Mar 2016 23:01:44 +0100

exempi (2.3.0-1) unstable; urgency=medium

  * New upstream release.
  * Rebase patches.
  * Drop libexempi3-dbg now that we have automatic dbgsym packages.
  * Ensure proper upgrade from libexempi3-dbg to new dbgsym packages by using
    dh_strip --dbgsym-migration. Bump Build-Depends on debhelper accordingly.
  * Bump Standards-Version to 3.9.7.
  * Use https:// for upstream homepage.

 -- Michael Biebl <biebl@debian.org>  Fri, 18 Mar 2016 22:42:29 +0100

exempi (2.2.2-2) unstable; urgency=medium

  * Fix an out of bounds access when reading tag. Patch cherry-picked from
    upstream Git. (Closes: #784631)

 -- Michael Biebl <biebl@debian.org>  Mon, 11 May 2015 03:34:01 +0200

exempi (2.2.2-1) unstable; urgency=medium

  * New upstream release.
  * Update watch file to also track .bz2 and .xz tarballs.
  * Add cryptographic signature verification for upstream tarball.
  * Bump Standards-Version to 3.9.6. No further changes.
  * Update Vcs-Browser URL to use cgit and https.

 -- Michael Biebl <biebl@debian.org>  Fri, 08 May 2015 23:23:40 +0200

exempi (2.2.1-2) unstable; urgency=medium

  [ Wookey ]
  * Use dh-autoreconf during the build to support new architectures
    (Closes: #727296)

  [ Michael Biebl ]
  * Use canonical URIs for Vcs-* fields.
  * Bump Standards-Version to 3.9.5. No further changes.
  * Exclude libtool .la files from list-missing.

 -- Michael Biebl <biebl@debian.org>  Mon, 23 Jun 2014 14:28:34 +0200

exempi (2.2.1-1) unstable; urgency=low

  * Remove Asheesh from Maintainer and move myself from Uploaders to
    Maintainer. Thanks Asheesh!
  * New upstream release.
  * Use --list-missing to show uninstalled files.
  * Bump Standards-Version to 3.9.4. No further changes.
  * Add a new binary package exempi, which contains the exempi command line
    utility.

 -- Michael Biebl <biebl@debian.org>  Sun, 30 Jun 2013 08:02:39 +0200

exempi (2.2.0-1) unstable; urgency=low

  * New upstream release.
  * Switch to source format 3.0 (quilt)
    - Add debian/source/format.
    - Drop Build-Depends on quilt.
    - Remove /usr/share/cdbs/1/rules/patchsys-quilt.mk include.
    - Remove debian/README.source.
  * Move from cdbs to dh
    - Drop Build-Depends on cdbs.
    - Bump Build-Depends on debhelper to (>= 7.0.50~) for override targets.
    - Convert debian/rules to use dh.
  * Bump Standards-Version to 3.9.2. No further changes.
  * Don't use brace expansion in .install files.
  * Bump shlibs due to API additions.
  * Bump debhelper compatibility level to 9, which enables hardening build
    flags and multiarch support.
  * Mark libexempi3, libexempi3-dev and libexempi-dev as Multi-Arch: same.

 -- Michael Biebl <biebl@debian.org>  Wed, 22 Feb 2012 14:57:56 +0100

exempi (2.1.1-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Bump Standards-Version to 3.8.2. No further changes.
    - Change section of libexempi3-dbg to debug.
  * debian/rules
    - Remove DEB_DH_INSTALL_SOURCEDIR, no longer required with debhelper v7
      compat mode.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Removed, merged upstream.

 -- Michael Biebl <biebl@debian.org>  Wed, 01 Jul 2009 15:28:19 +0200

exempi (2.1.0-3) unstable; urgency=low

  * Merge changes from experimental branch.
  * debian/compat
    - Bump to debhelper v7 compat mode.
  * debian/control
    - Bump Build-Depends on debhelper to (>= 7).

 -- Michael Biebl <biebl@debian.org>  Mon, 16 Feb 2009 00:44:01 +0100

exempi (2.1.0-2) experimental; urgency=low

  * debian/control
    - Update Vcs-* headers. Package is now managed with Git on git.debian.org.

 -- Michael Biebl <biebl@debian.org>  Wed, 28 Jan 2009 21:27:36 +0100

exempi (2.1.0-1) experimental; urgency=low

  * New upstream release.
  * debian/control
    - Add Build-Depends on zlib1g-dev.
    - Add ${misc:Depends} to all binary packages.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Refreshed and updated to the latest code changes.
  * debian/libexempi3.shlibs
    - Add shlibs file and set it to (>= 2.1.0) due to API additions.

 -- Michael Biebl <biebl@debian.org>  Sun, 28 Dec 2008 21:56:13 +0100

exempi (2.0.2-2) unstable; urgency=low

  * Switch patch management system to quilt.
  * debian/control
    - Add Build-Depends on quilt.
  * debian/rules
    - Include patchsys-quilt.mk cdbs rules file.
  * debian/README.source
    - Document the usage of quilt as patch management system and refer to the
      quilt documentation for further information.
  * debian/patches/01-gcc_4.4_missing_includes.patch
    - Add missing includes to fix FTBFS with GCC 4.4. (Closes: 504944)
      Thanks to Martin Michlmayr for the patch.

 -- Michael Biebl <biebl@debian.org>  Sat, 08 Nov 2008 15:30:52 +0100

exempi (2.0.2-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Bump Standards-Version to 3.8.0. No further changes.

 -- Michael Biebl <biebl@debian.org>  Sun, 24 Aug 2008 01:27:18 +0200

exempi (2.0.1-1) unstable; urgency=low

  * New upstream release.
  * debian/libexempi-dev.install
    - No longer install the libtool *.la file.

 -- Michael Biebl <biebl@debian.org>  Tue, 29 Apr 2008 03:50:56 +0200

exempi (2.0.0-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Wed, 02 Apr 2008 06:21:58 +0200

exempi (1.99.9-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Remove leading article from short package description.

 -- Michael Biebl <biebl@debian.org>  Sat, 02 Feb 2008 04:54:26 +0100

exempi (1.99.8-1) unstable; urgency=low

  * New upstream release.
  * debian/patches/01-configure_unittest.patch
    - Removed, merged upstream.
  * debian/patches/02-buffer_overflow_gif_header.patch
    - Removed, merged upstream.

 -- Michael Biebl <biebl@debian.org>  Sat, 26 Jan 2008 21:45:01 +0100

exempi (1.99.7-1) unstable; urgency=medium

  * New upstream release.
    - Adds missing #includes which fixes FTBFS with GCC 4.3. (Closes: #456087)
  * debian/control
    - Bump Standards-Version to 3.7.3. No further changes required.
    - Drop Build-Depends on libboost-dev.
    - Make the -dbg package be Priority: extra.
  * debian/rules
    - Disable compilation of the unit tests.
  * debian/patches/01-configure_unittest.patch
    - Make compilation of the unit tests (which require boost) optional.
      Patch is pulled from upstream git.
  * debian/patches/02-buffer_overflow_gif_header.patch
    - Fix a buffer overflow in the ReadHeader() function when reading GIF
      images. This poses a security risk as it allows arbitrary code
      execution. Upload with urgency medium. (Closes: #454297)
      Thanks to Sjoerd Simons for the help tracking this bug down.

 -- Michael Biebl <biebl@debian.org>  Thu, 24 Jan 2008 01:39:45 +0100

exempi (1.99.5-1) unstable; urgency=low

  * New upstream release.
  * debian/control
    - Use the new "Homepage:" field to specify the upstream URL.
    - The Vcs-* fields are now officially supported, so remove the XS- prefix.
  * SONAME bump as ABI has changed. Rename package libexempi2 to libexempi3.

 -- Michael Biebl <biebl@debian.org>  Wed, 07 Nov 2007 15:29:59 +0100

exempi (1.99.4-1) unstable; urgency=low

  * New upstream release.

 -- Michael Biebl <biebl@debian.org>  Sun, 26 Aug 2007 00:18:41 +0200

exempi (1.99.3-1) unstable; urgency=low

  * Initial release. (Closes: #438166)

 -- Asheesh Laroia <asheesh@asheesh.org>  Wed, 15 Aug 2007 05:20:40 +0200

