Change logs for libraw source package in Xenial

libraw (0.17.1-1ubuntu0.5) xenial-security; urgency=medium

  * SECURITY UPDATE: infinite loop issues
    - debian/patches/CVE-2018-581x.patch: add more checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2018-5817
    - CVE-2018-5818
    - CVE-2018-5819
  * SECURITY UPDATE: NULL deref in LibRaw::raw2image
    - debian/patches/CVE-2018-20363.patch: add check in src/libraw_cxx.cpp.
    - CVE-2018-20363
  * SECURITY UPDATE: NULL deref in LibRaw::copy_bayer
    - debian/patches/CVE-2018-20364.patch: add check in src/libraw_cxx.cpp.
    - CVE-2018-20364
  * SECURITY UPDATE: heap overflow in LibRaw::raw2image()
    - debian/patches/CVE-2018-20365.patch: zero filters in dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2018-20365

 -- Marc Deslauriers <email address hidden>  Fri, 17 May 2019 14:00:06 -0400

libraw (0.17.1-1ubuntu0.4) xenial-security; urgency=medium

  * SECURITY UPDATE: Multiple memory management issues
    - debian/patches/CVE-2018-5807_5810_5811_5812.patch: out-of-bounds
      reads, heap-based buffer overflow and NULL pointer dereference in
      internal/dcraw_common.cpp
    - CVE-2018-5807
    - CVE-2018-5810
    - CVE-2018-5811
    - CVE-2018-5812
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5813.patch: infinite loop in dcraw/dcraw.c
      and internal/dcraw_common.cpp
    - CVE-2018-5813
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2018-5815.patch: integer overflow in
      internal/dcraw_common.cpp
    - CVE-2018-5815
  * SECURITY UPDATE: Divide by zero
    - debian/patches/CVE-2018-5816.patch: divide by zero in
      internal/dcraw_common.cpp
    - CVE-2018-5816

 -- Alex Murray <email address hidden>  Tue, 04 Dec 2018 16:09:49 +1030

libraw (0.17.1-1ubuntu0.3) xenial-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2018-10528.patch: parser possible
      buffer overrun in  src/libraw_cxx.cpp.
    - CVE-2018-10528
  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2018-10529.patch: X3F property table list fix
      in src/libraw_cxx.cpp, internal/libraw_x3f.cpp.
    - CVE-2018-10529

 -- <email address hidden> (Leonidas S. Barbosa)  Mon, 07 May 2018 11:35:20 -0300

libraw (0.17.1-1ubuntu0.2) xenial-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in panasonic_load_raw
    - debian/patches/CVE-2017-16909.patch: add more bounds checking to
      dcraw/dcraw.c, internal/dcraw_common.cpp, libraw/libraw_const.h.
    - CVE-2017-16909
  * SECURITY UPDATE: invalid read in xtrans_interpolate
    - debian/patches/CVE-2017-16910.patch: add checks and proper
      initialization to dcraw/dcraw.c, internal/dcraw_common.cpp.
    - CVE-2017-16910
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2018-580x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp, src/libraw_cxx.cpp.
    - CVE-2018-5800
    - CVE-2018-5801
    - CVE-2018-5802
  * SECURITY UPDATE: image size and alloc issues
    - debian/patches/security_0.18.8_1.patch: add more checks to
      dcraw/dcraw.c, internal/dcraw_common.cpp, libraw/libraw_const.h,
      src/libraw_cxx.cpp.
    - No CVE number
  * SECURITY UPDATE: Secunia #81000 security issues
    - debian/patches/security_0.18.8_2.patch: add more checks to
      dcraw/dcraw.c, internal/dcraw_common.cpp.
    - No CVE number

 -- Marc Deslauriers <email address hidden>  Fri, 30 Mar 2018 09:24:02 -0400

libraw (0.17.1-1ubuntu0.1) xenial-security; urgency=medium

  * SECURITY UPDATE: memory corruption in parse_tiff_ifd
    - debian/patches/CVE-2017-688x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-6886
    - CVE-2017-6887
  * SECURITY UPDATE: floating point exception in kodak_radc_load_raw
    - debian/patches/CVE-2017-13735.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-13735
  * SECURITY UPDATE: buffer overflow in xtrans_interpolate
    - debian/patches/CVE-2017-14265.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-14265
  * SECURITY UPDATE: buffer overflow in processCanonCameraInfo
    - debian/patches/CVE-2017-14348.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-14348
  * SECURITY UPDATE: out of bounds read in kodak_65000_load_raw
    - debian/patches/CVE-2017-14608.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-14608

 -- Marc Deslauriers <email address hidden>  Thu, 16 Nov 2017 14:02:11 -0500

libraw (0.17.1-1) unstable; urgency=high

  * New upstream release (Closes: #806809)
    - Fix CVE-2015-8366 and CVE-2015-8367

 -- Matteo F. Vescovi <email address hidden>  Thu, 03 Dec 2015 21:19:12 +0100

libraw (0.17.0-1) unstable; urgency=medium

  * New upstream release
    - debian/: SONAME bump libraw10 => libraw15
    - debian/rules: bump dh_makeshlibs to libraw15
    - debian/libraw15.symbols: symbols refreshed
  * debian/copyright: file updated

 -- Matteo F. Vescovi <email address hidden>  Fri, 16 Oct 2015 10:03:52 +0200

libraw (0.16.2-1) unstable; urgency=high

  * New upstream release
    - Fix CVE-2015-3885
  * debian/control:
    - XS-Testsuite field dropped
    - Uploader e-mail address updated

 -- Matteo F. Vescovi <email address hidden>  Tue, 26 May 2015 09:06:05 +0200