Debian Package Tracker

general

source: libraw (source, libs)
version: 0.18.2-2
maintainer: Debian PhotoTools Maintainers (archive) [DMD]
uploaders: Matteo F. Vescovi [DMD]
arch: all any
std-ver: 4.0.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.14.6-2+deb7u1
o-o-sec: 0.14.6-2+deb7u3
oldstable: 0.16.0-9+deb8u2
old-sec: 0.16.0-9+deb8u3
old-p-u: 0.16.0-9+deb8u3
stable: 0.17.2-6
stable-sec: 0.17.2-6+deb9u1
stable-p-u: 0.17.2-6+deb9u1
testing: 0.18.2-2
unstable: 0.18.2-2

versioned links

0.14.6-2+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.14.6-2+deb7u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.0-9+deb8u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.0-9+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.17.2-6: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.17.2-6+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.18.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libraw-bin
libraw-dev
libraw-doc
libraw16

action needed

4 security issues in sid

high

There are 4 open security issues in sid.

4 important issues:

CVE-2017-14348: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

Please fix them.

Created: 2017-09-05 Last update: 2017-09-24 19:19

4 security issues in buster

high

There are 4 open security issues in buster.

4 important issues:

CVE-2017-14348: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

Please fix them.

Created: 2017-09-05 Last update: 2017-09-24 19:19

4 security issues in jessie

high

There are 4 open security issues in jessie.

4 important issues:

CVE-2017-14348: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

Please fix them.

Created: 2017-09-05 Last update: 2017-09-24 19:19

4 security issues in stretch

high

There are 4 open security issues in stretch.

4 important issues:

CVE-2017-14348: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

Please fix them.

Created: 2017-09-05 Last update: 2017-09-24 19:19

A new upstream version is available: 0.18.5

high

A new upstream version 0.18.5 is available, you should consider packaging it.

Created: 2017-09-11 Last update: 2017-09-24 19:18

1 bug tagged patch in the BTS

normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2017-09-09 Last update: 2017-09-24 19:04

lintian reports 8 warnings

normal

Lintian reports 8 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2017-07-28 Last update: 2017-09-24 07:11

4 ignored security issues in wheezy

low

There are 4 open security issues in wheezy.

4 issues skipped by the security teams:

CVE-2013-1439: The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2013-2126: Multiple double free vulnerabilities in the LibRaw::unpack function in libraw_cxx.cpp in LibRaw before 0.15.2 allow context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed full-color (1) Foveon or (2) sRAW image file.
CVE-2013-1438: Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in libraw, ufraw, shotwell, and other products, allows context-dependent attackers to cause a denial of service via a crafted photo file that triggers a (1) divide-by-zero, (2) infinite loop, or (3) NULL pointer dereference.

Please fix them.

Created: 2015-07-12 Last update: 2017-09-24 19:19

Standards version of the package is outdated.

wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.0 instead of 4.0.0).

Created: 2017-08-14 Last update: 2017-09-24 19:02

news

[rss feed]

[2017-09-24] Accepted libraw 0.14.6-2+deb7u3 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2017-08-22] Accepted libraw 0.16.0-9+deb8u3 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Matteo F. Vescovi)
[2017-08-22] Accepted libraw 0.17.2-6+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Luciano Bello)
[2017-08-14] Accepted libraw 0.14.6-2+deb7u2 (source amd64 all) into oldoldstable (Emilio Pozuelo Monfort)
[2017-06-29] libraw 0.18.2-2 MIGRATED to testing (Debian testing watch)
[2017-06-22] Accepted libraw 0.18.2-2 (source) into unstable (Matteo F. Vescovi)
[2017-03-25] Accepted libraw 0.18.2-1 (source) into experimental (Matteo F. Vescovi)
[2017-03-03] Accepted libraw 0.18.1-1 (source) into experimental (Matteo F. Vescovi)
[2017-01-10] Accepted libraw 0.18.0-1 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
[2016-08-31] libraw 0.17.2-6 MIGRATED to testing (Debian testing watch)
[2016-08-25] Accepted libraw 0.17.2-6 (source) into unstable (Matteo F. Vescovi)
[2016-08-24] Accepted libraw 0.17.2-5 (source) into unstable (Matteo F. Vescovi)
[2016-08-02] libraw 0.17.2-4 MIGRATED to testing (Debian testing watch)
[2016-07-27] Accepted libraw 0.17.2-4 (source) into unstable (Matteo F. Vescovi)
[2016-07-06] libraw 0.17.2-3 MIGRATED to testing (Debian testing watch)
[2016-06-30] Accepted libraw 0.17.2-3 (source) into unstable (Matteo F. Vescovi)
[2016-06-26] Accepted libraw 0.17.2-2 (source) into unstable (Matteo F. Vescovi)
[2016-05-31] libraw 0.17.2-1 MIGRATED to testing (Debian testing watch)
[2016-05-25] Accepted libraw 0.17.2-1 (source) into unstable (Matteo F. Vescovi)
[2016-01-01] Accepted libraw 0.16.0-9+deb8u2 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Matteo F. Vescovi)
[2015-12-06] libraw 0.17.1-1 MIGRATED to testing (Debian testing watch)
[2015-12-03] Accepted libraw 0.17.1-1 (source) into unstable (Matteo F. Vescovi)
[2015-10-22] libraw 0.17.0-1 MIGRATED to testing (Britney)
[2015-10-16] Accepted libraw 0.17.0-1 (source amd64 all) into unstable, unstable (Matteo F. Vescovi)
[2015-06-16] Accepted libraw 0.14.6-2+deb7u1 (source all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Matteo F. Vescovi)
[2015-06-09] Accepted libraw 0.9.1-1+deb6u1 (source all) into squeeze-lts (Matteo F. Vescovi)
[2015-05-29] Accepted libraw 0.16.0-9+deb8u1 (all source) into proposed-updates->stable-new, proposed-updates (Matteo F. Vescovi)
[2015-05-28] libraw 0.16.2-1 MIGRATED to testing (Britney)
[2015-05-26] Accepted libraw 0.16.2-1 (source all) into unstable (Matteo F. Vescovi)
[2014-10-06] libraw 0.16.0-9 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0

links

homepage
lintian (0, 8)
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.18.2-2
1 bug