Change logs for libraw source package in Trusty

  • libraw (0.15.4-1ubuntu0.3) trusty-security; urgency=medium
    
      * SECURITY UPDATE: Multiple memory management issues
        - debian/patches/CVE-2018-5807_5810.patch: out-of-bounds read and NULL
          pointer dereference in dcraw/dcraw.c and internal/dcraw_common.cpp
        - CVE-2018-5807
        - CVE-2018-5810
      * SECURITY UPDATE: Infinite loop
        - debian/patches/CVE-2018-5813.patch: infinite loop in dcraw/dcraw.c
          and internal/dcraw_common.cpp
        - CVE-2018-5813
    
     -- Alex Murray <email address hidden>  Wed, 05 Dec 2018 13:54:32 +1030
  • libraw (0.15.4-1ubuntu0.2) trusty-security; urgency=medium
    
      * SECURITY UPDATE: buffer overflow in panasonic_load_raw
        - debian/patches/CVE-2017-16909.patch: add more bounds checking to
          dcraw/dcraw.c, internal/dcraw_common.cpp, libraw/libraw_const.h.
        - CVE-2017-16909
      * SECURITY UPDATE: invalid read in xtrans_interpolate
        - debian/patches/CVE-2017-16910.patch: add checks and proper
          initialization to dcraw/dcraw.c.
        - CVE-2017-16910
      * SECURITY UPDATE: multiple security issues
        - debian/patches/CVE-2018-580x.patch: add checks to dcraw/dcraw.c,
          internal/dcraw_common.cpp, src/libraw_cxx.cpp.
        - CVE-2018-5800
        - CVE-2018-5801
        - CVE-2018-5802
      * SECURITY UPDATE: image size and alloc issues
        - debian/patches/security_0.18.8_1.patch: add more checks to
          dcraw/dcraw.c, internal/dcraw_common.cpp, libraw/libraw_const.h,
          src/libraw_cxx.cpp.
        - No CVE number
      * SECURITY UPDATE: Secunia #81000 security issues
        - debian/patches/security_0.18.8_2.patch: add more checks to
          dcraw/dcraw.c, internal/dcraw_common.cpp.
        - No CVE number
    
     -- Marc Deslauriers <email address hidden>  Fri, 30 Mar 2018 10:11:50 -0400
  • libraw (0.15.4-1ubuntu0.1) trusty-security; urgency=medium
    
      * SECURITY UPDATE: integer overflow in ljpeg_start
        - debian/patches/CVE-2015-3885.patch: use ushort in dcraw/dcraw.c,
          internal/dcraw_common.cpp.
        - CVE-2015-3885
      * SECURITY UPDATE: index overflow and lack of initialization
        - debian/patches/CVE-2015-836x.patch: add checks to dcraw/dcraw.c,
          internal/dcraw_common.cpp, add proper initialization to
          src/libraw_cxx.cpp.
        - CVE-2015-8366
        - CVE-2015-8367
      * SECURITY UPDATE: memory corruption in parse_tiff_ifd
        - debian/patches/CVE-2017-688x.patch: add checks to dcraw/dcraw.c,
          internal/dcraw_common.cpp.
        - CVE-2017-6886
        - CVE-2017-6887
      * SECURITY UPDATE: floating point exception in kodak_radc_load_raw
        - debian/patches/CVE-2017-13735.patch: add checks to dcraw/dcraw.c,
          internal/dcraw_common.cpp.
        - CVE-2017-13735
      * SECURITY UPDATE: buffer overflow in xtrans_interpolate
        - debian/patches/CVE-2017-14265.patch: add checks to dcraw/dcraw.c.
        - CVE-2017-14265
      * SECURITY UPDATE: out of bounds read in kodak_65000_load_raw
        - debian/patches/CVE-2017-14608.patch: add checks to dcraw/dcraw.c,
          internal/dcraw_common.cpp.
        - CVE-2017-14608
    
     -- Marc Deslauriers <email address hidden>  Thu, 16 Nov 2017 14:15:58 -0500
  • libraw (0.15.4-1) unstable; urgency=low
    
      * Team upload.
      * New upstream release.
        - Fix for CVE-2013-1438 (Closes: #721231).
        - Fix for CVE-2013-1439 (Closes: #721338).
        - Fix segmentation fault when unprocessed_raw is passed -s option
          without any parameter (Closes: #716423).
      * debian/patches/4channels_parameter.patch:
        - Dropped, applied upstream.
      * debian/patches/typo.patch:
        - Dropped, applied upstream.
    
     -- Luca Falavigna <email address hidden>  Sat, 05 Oct 2013 17:53:47 +0200
  • libraw (0.15.3-1ubuntu1) saucy; urgency=low
    
      * SECURITY UPDATE: denial of service via crafted photo files
        - debian/patches/CVE-2013-143x.patch: add more checks to
          internal/dcraw_common.cpp, src/libraw_datastream.cpp.
        - CVE-2013-1438
        - CVE-2013-1439
    
     -- Marc Deslauriers <email address hidden>  Fri, 20 Sep 2013 11:53:14 -0400