[Pkg-shotwell-maint] Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127

Stepan Golosunov stepan at golosunov.pp.ru
Mon Jun 3 15:34:15 UTC 2013

Control: found -1 0.15.1-1

On Thu, May 30, 2013 at 09:22:27AM +0200, Moritz Muehlenhoff wrote:
> Package: libraw
> Severity: grave
> Tags: security
> Two security issues have been found in libraw. Please see this link for
> more information and links to upstream commits:
> http://www.openwall.com/lists/oss-security/2013/05/29/7

According to
the buggy code is present only in 0.15 branch.
Which means only experimental is affected, and only by CVE-2013-2126.

(Note that there are other packages that duplicate libraw sources.
Darktable, for example, includes libraw 0.14.7.)

More information about the Pkg-shotwell-maint mailing list