-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 28 Mar 2019 19:03:02 +0100 Source: libraw Binary: libraw10 libraw-bin libraw-dev libraw-doc Architecture: source amd64 all Version: 0.16.0-9+deb8u4 Distribution: jessie-security Urgency: high Maintainer: Debian Shotwell Maintainers <pkg-shotwell-maint@lists.alioth.debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libraw-bin - raw image decoder library (tools) libraw-dev - raw image decoder library (development files) libraw-doc - raw image decoder library (documentation) libraw10 - raw image decoder library Changes: libraw (0.16.0-9+deb8u4) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2018-5800, CVE-2018-5801, CVE-2018-5802, CVE-2018-5808, CVE-2018-5817, CVE-2018-5818, CVE-2018-5819 Secunia Research has discovered multiple vulnerabilities, which can be exploited to cause a Denial of Service. The issues contain divisions by zero, out-of-bounds read memory access, heap-based buffer overflows and NULL pointer dereferences. Checksums-Sha1: f2330cce84ed811468f42d2edf0dd3605c1d0e29 2372 libraw_0.16.0-9+deb8u4.dsc 492239aa209b1ddd1f030da4fc2978498c32a29b 1472935 libraw_0.16.0.orig.tar.gz 677bdbbfc2159173804ce9047bfc2e276547a521 30472 libraw_0.16.0-9+deb8u4.debian.tar.xz faaf221a551d74d479749b9f673b9a3920b8e237 218930 libraw10_0.16.0-9+deb8u4_amd64.deb 3213fc164041249b2a4158f64a53ef2a689f3de8 63388 libraw-bin_0.16.0-9+deb8u4_amd64.deb ff656697827b52adac42b48429abd21dcb807f4a 222678 libraw-dev_0.16.0-9+deb8u4_amd64.deb 95d2c7c48e175e24fda41bd8a9e2f31990120780 109718 libraw-doc_0.16.0-9+deb8u4_all.deb Checksums-Sha256: 8973ea418461b474319dc8eef10cfede0da8e7eafdd46cb9783cabd230d6ad83 2372 libraw_0.16.0-9+deb8u4.dsc 71f43871ec2535345c5c9b748f07813e49915170f9510b721a2be6478426cf96 1472935 libraw_0.16.0.orig.tar.gz 3e7650f967a861fdec2ec73e1e3ea033e4eb9edb392fa005d96f1b72421c0a4c 30472 libraw_0.16.0-9+deb8u4.debian.tar.xz c984c140dfb011a1024fdb9defd1e68748a926a56d58b6c475f24b3de4a5a022 218930 libraw10_0.16.0-9+deb8u4_amd64.deb dc532de6fbd5f71bb6f8cdf7dd9a3a06a240c3c12912c1b750e5253e23b6eac5 63388 libraw-bin_0.16.0-9+deb8u4_amd64.deb 37a33ed93d243cbd2f6771bdc4e3ae9d851b7364d5429f302942200737e4b690 222678 libraw-dev_0.16.0-9+deb8u4_amd64.deb 31c9af544edf84c99d68eba94d3368d02e56465c69eeaf6b35f2cd4c6aa14fac 109718 libraw-doc_0.16.0-9+deb8u4_all.deb Files: 0c36303f0496364997d7128589e21ec2 2372 libs optional libraw_0.16.0-9+deb8u4.dsc 21f569be043057b754d87e3062e2345a 1472935 libs optional libraw_0.16.0.orig.tar.gz 64bf03c10df431605b54bfd9160f4aa3 30472 libs optional libraw_0.16.0-9+deb8u4.debian.tar.xz 085ae59b4c50dcea5bd0c1bd12a28a66 218930 libs optional libraw10_0.16.0-9+deb8u4_amd64.deb 2419bc7e75d9d65bb80ed2ce6ae1fc96 63388 graphics optional libraw-bin_0.16.0-9+deb8u4_amd64.deb 896b45bf20e55e10558d7505a16313c6 222678 libdevel optional libraw-dev_0.16.0-9+deb8u4_amd64.deb b85c3c9c4fdf6f6e18ef7b42afaa182d 109718 doc optional libraw-doc_0.16.0-9+deb8u4_all.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlydHXNfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYRyaKD/4iOPIIB/yy6iqsQDFhliiCWXnBAMeV mv8xuElozPT0UosfujcuCQJUrbQ0y7wx+XbGlCjl92w7TFv7+YobH7bOT6Bef+Hb 88o1/WLgpgkSfUkPTZNfiEsEXWi2iGCda/HO2QAbHZm/GlPl756Y/6qnspMByF/a IhS8n0pTEDHPC+JDxamh/xFV7Lcj/ZuaRJ7HF2WqhaN0Y435N6F4JlgDu354Kica 9gVEMIBUmcyXntdWg1v3Gc/VrPzOWfdWfX1FKyOJxql9SwsRXLowAHJcgt2us8HN YtaIbSA48Gg/nrxrSa0ocMXjuxA1/9ikEzXtrk2imgDZ46xuu9PXd0mtS3sMafxJ AnzZTPUfumQ/oAPEqoPnLmL0xcJ/gomRsQFmKO9oO9Qfve02VdsKlyq39kiD4l6x sGTjVUIyNQC1LCvF3eVWgz2/1sQmaquRNvlaSF/evw1PCDrClHJXM6hSO04Nlqe4 iAn7osVav9VQmDcHlJFSShP5BopfPaoBBwBoSXUIv7KbzSwmZ6rZ7v60ueJ9tOUy dY3pD2/OlonieZNODPFwlBJJtuUFAK88n6x4OTccXQcEbuYwa0pY1ee/eRY+7pJw FV6M55HOeYTTNaeVvRiDZdkjserNv69FIdwpQvmSpjydNZ/r6p4dF5XTLG/pUYhb 06rqicsPuX9oag== =eX2m -----END PGP SIGNATURE-----