[Pkg-shotwell-maint] Bug#710353: libraw: CVE-2013-2126 CVE-2013-2127

Stepan Golosunov stepan at golosunov.pp.ru
Mon Jun 3 15:34:15 UTC 2013


Control: found -1 0.15.1-1

On Thu, May 30, 2013 at 09:22:27AM +0200, Moritz Muehlenhoff wrote:
> Package: libraw
> Severity: grave
> Tags: security
> 
> Two security issues have been found in libraw. Please see this link for
> more information and links to upstream commits:
> 
> http://www.openwall.com/lists/oss-security/2013/05/29/7

According to
http://blog.lexa.ru/2013/05/28/o_spiskakh_uyazvimostei_v_programmakh.html
the buggy code is present only in the 0.15 branch,
which means only experimental is affected, and only by CVE-2013-2126.

(Note that there are other packages that duplicate libraw sources.
Darktable, for example, includes libraw 0.14.7.)


