-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 28 May 2015 14:15:10 +0200 Source: libraw Binary: libraw5 libraw-bin libraw-dev libraw-doc Architecture: source all Version: 0.14.6-2+deb7u1 Distribution: wheezy Urgency: high Maintainer: Debian Shotwell Maintainers <pkg-shotwell-maint@lists.alioth.debian.org> Changed-By: Matteo F. Vescovi <mfv@debian.org> Description: libraw-bin - raw image decoder library (tools) libraw-dev - raw image decoder library (development files) libraw-doc - raw image decoder library (documentation) libraw5 - raw image decoder library Closes: 786788 Changes: libraw (0.14.6-2+deb7u1) wheezy; urgency=high . * debian/patches/: patchset updated - 0001-Fix_CVE-2015-3885.patch added (Closes: #786788) | Integer overflow in the ljpeg_start function | in dcraw 7.00 and earlier allows remote attackers | to cause a denial of service (crash) via a | crafted image, which triggers a buffer overflow, | related to the len variable. Checksums-Sha1: e4e8a18afbaa866534b61b07004e9666d7a0c7c9 2120 libraw_0.14.6-2+deb7u1.dsc c5cffaa69b4908518ad2db5b3561dddc739b7328 7376 libraw_0.14.6-2+deb7u1.debian.tar.xz ef45a501deb613983f8099f366236a7d08741655 114478 libraw-doc_0.14.6-2+deb7u1_all.deb Checksums-Sha256: 9fe6e304ada617655a24009d8c17eaba77fe9d1b5200d3915f476d29f3475ed6 2120 libraw_0.14.6-2+deb7u1.dsc 7cdc1f966a6803b964b8e253ed5f3379065f2177827a3c669dab9c248bcd89f2 7376 libraw_0.14.6-2+deb7u1.debian.tar.xz 27376e6666594a880d6c767e61851e76d4c610d927d5d6b28ff73810cdc8fdec 114478 libraw-doc_0.14.6-2+deb7u1_all.deb Files: ef49ba947125fc4e64f0552233616798 2120 libs optional libraw_0.14.6-2+deb7u1.dsc e3202919175029ad3829966b8fdc013b 7376 libs optional libraw_0.14.6-2+deb7u1.debian.tar.xz 34420c67716e62b347f06242691c6f97 114478 doc optional libraw-doc_0.14.6-2+deb7u1_all.deb -----BEGIN PGP SIGNATURE----- Comment: Debian powered! iQJ8BAEBCgBmBQJVfZDPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGM0REMDlGOERBODdEMURGNTA0NkM5OUIw NjEyRjQ5NDRFQ0RDRDVBAAoJEAYS9JROzc1ap5UQAIYSE44DK8oYrZqSKzSViNN3 p+KgEt2E0xUHP27bdUd1pnLEWj9gZY5/Uku3TZbx3rxFThqbLc3xxww3grSRifXH +5otwH+ECkS+HAelZ3psw7chTLDc1nNVPUteaPgQV2Qp0F6xH9JcDh7KndfWbDnU F78vs6NVNdNyEm6hBvKvXOtSFxDysduN/VljKyrIUKSdH1khNPUGnNA9ooBdOoI5 tpF6R1yqArZ3phAJaGYNjYjNp2Iu/zWSpbePNwfm57jR58rIJ/EezolkjGecBa2+ ey8+vZOoy7StzYEiE/UcwLLxQvePOCIASBCSiIrBKQwvff8m07sqNi7OXQtTBK4C LlDIH9j1jHyb0WTubXUVS+Zgu22ywTT6hgRTbY8twlY/+LrPgZfTyLTCe48wPUE4 nTVu4Aum2kxpKT2MtllcZ3MPN8Fu82pJz5XvoNZ5kLrebWTjG+ekZ5AGSwqf4oJ6 rWV+tgtX+eJOV8IU2k/iZedywPCHLz/ve771DJ1/SKSdaStRPVWfpoRRWqYVv/qE TDLW6nGpO8bTX1/2QVEJGvFTvWNNpP+4tnmvLQHhuSbXvgsA+pOlzM0WoQHgxE/4 jx7PXrESe/+ZrTXO97qgiMz9rP5hKrIwISkrNWFeT/B1m+77sZqReTep7EY/Wehw kD+tSEmLDPjQDQjze0bq =ceS/ -----END PGP SIGNATURE-----