Register | Log in

libraw

Choose email to subscribe with

general

source: libraw (main)
version: 0.19.2-2
maintainer: Debian PhotoTools Maintainers (archive) [DMD]
uploaders: Matteo F. Vescovi [DMD]
arch: all any
std-ver: 4.3.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.14.6-2+deb7u1
o-o-sec: 0.14.6-2+deb7u3
oldstable: 0.16.0-9+deb8u3
old-sec: 0.16.0-9+deb8u3
stable: 0.17.2-6+deb9u1
stable-sec: 0.17.2-6+deb9u1
testing: 0.19.2-2
unstable: 0.19.2-2

versioned links

0.14.6-2+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.14.6-2+deb7u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.0-9+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.17.2-6+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libraw-bin
libraw-dev
libraw-doc
libraw19

action needed

The VCS repository is not up to date, push the missing commits. high

vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits, or the information about the package's VCS are out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch), which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.

Created: 2019-01-11 Last update: 2019-01-19 00:14

29 security issues in stretch high

There are 29 open security issues in stretch.

6 important issues:

CVE-2018-20364: LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVE-2018-5809: An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2018-20337: There is a stack-based buffer overflow in the parse_makernote function of dcraw_common.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of service or possibly unspecified other impact.
CVE-2018-20363: LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
CVE-2018-5808: An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2018-20365: LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.

23 issues skipped by the security teams:

CVE-2017-14348: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
CVE-2018-5811: An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
CVE-2018-5818:
CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2018-5805: A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5807: An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2018-5817:
CVE-2018-5813: An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
CVE-2018-5819:
CVE-2018-5804: A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
CVE-2018-5810: An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2018-10529: An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
CVE-2018-5815: An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
CVE-2018-10528: An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2017-16910: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.
CVE-2018-5802: An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2018-5806: An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5812: An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
CVE-2017-16909: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

Please fix them.

Created: 2017-09-05 Last update: 2019-01-15 09:10

24 ignored security issues in jessie low

There are 24 open security issues in jessie.

24 issues skipped by the security teams:

CVE-2018-5811: An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
CVE-2018-5818:
CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2018-5805: A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
CVE-2018-5809: An error within the "LibRaw::parse_exif()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2018-5801: An error within the "LibRaw::unpack()" function (src/libraw_cxx.cpp) in LibRaw versions prior to 0.18.7 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5807: An error within the "samsung_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2018-5817:
CVE-2018-5813: An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.
CVE-2018-5819:
CVE-2018-5804: A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.
CVE-2018-5810: An error within the "rollei_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2018-10529: An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
CVE-2018-5815: An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.
CVE-2018-10528: An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
CVE-2018-5800: An off-by-one error within the "LibRaw::kodak_ycbcr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.7 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash.
CVE-2017-16910: An error within the "LibRaw::xtrans_interpolate()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause an invalid read memory access and subsequently a Denial of Service condition.
CVE-2018-5802: An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash.
CVE-2018-5806: An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
CVE-2018-5812: An error within the "nikon_coolscan_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to trigger a NULL pointer dereference.
CVE-2017-16909: An error related to the "LibRaw::panasonic_load_raw()" function (dcraw_common.cpp) in LibRaw versions prior to 0.18.6 can be exploited to cause a heap-based buffer overflow and subsequently cause a crash via a specially crafted TIFF image.
CVE-2018-5808: An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.

Please fix them.

Created: 2017-09-05 Last update: 2019-01-15 09:10

news

[2019-01-13] libraw 0.19.2-2 MIGRATED to testing (Debian testing watch)
[2019-01-10] Accepted libraw 0.19.2-2 (source) into unstable (Matteo F. Vescovi)
[2018-12-30] libraw 0.19.2-1 MIGRATED to testing (Debian testing watch)
[2018-12-27] Accepted libraw 0.19.2-1 (source) into unstable (Matteo F. Vescovi)
[2018-12-19] libraw 0.19.1-1 MIGRATED to testing (Debian testing watch)
[2018-12-19] libraw 0.19.1-1 MIGRATED to testing (Debian testing watch)
[2018-12-16] Accepted libraw 0.19.1-1 (source) into unstable (Matteo F. Vescovi)
[2018-11-12] libraw 0.19.0-4 MIGRATED to testing (Debian testing watch)
[2018-11-09] Accepted libraw 0.19.0-4 (source) into unstable (Matteo F. Vescovi)
[2018-08-31] libraw 0.19.0-3 MIGRATED to testing (Debian testing watch)
[2018-08-28] Accepted libraw 0.19.0-3 (source) into unstable (Matteo F. Vescovi)
[2018-07-26] Accepted libraw 0.19.0-2 (source) into experimental (Matteo F. Vescovi)
[2018-07-23] Accepted libraw 0.19.0-1 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
[2018-07-16] libraw 0.18.13-1 MIGRATED to testing (Debian testing watch)
[2018-07-12] Accepted libraw 0.18.13-1 (source) into unstable (Matteo F. Vescovi)
[2018-06-01] libraw 0.18.11-1 MIGRATED to testing (Debian testing watch)
[2018-05-29] Accepted libraw 0.18.11-1 (source) into unstable (Matteo F. Vescovi)
[2018-03-12] libraw 0.18.8-2 MIGRATED to testing (Debian testing watch)
[2018-03-06] Accepted libraw 0.18.8-2 (source) into unstable (Matteo F. Vescovi)
[2018-03-04] Accepted libraw 0.18.8-1 (source) into unstable (Matteo F. Vescovi)
[2018-01-30] libraw 0.18.7-2 MIGRATED to testing (Debian testing watch)
[2018-01-24] Accepted libraw 0.18.7-2 (source) into unstable (Matteo F. Vescovi) (signed by: Mattia Rizzolo)
[2018-01-22] Accepted libraw 0.18.7-1 (source) into unstable (Matteo F. Vescovi) (signed by: Mattia Rizzolo)
[2018-01-13] libraw 0.18.6-1 MIGRATED to testing (Debian testing watch)
[2018-01-07] Accepted libraw 0.18.6-1 (source) into unstable (Matteo F. Vescovi) (signed by: Mattia Rizzolo)
[2017-10-12] libraw 0.18.5-1 MIGRATED to testing (Debian testing watch)
[2017-10-06] Accepted libraw 0.18.5-1 (source) into unstable (Matteo F. Vescovi)
[2017-09-24] Accepted libraw 0.14.6-2+deb7u3 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2017-08-22] Accepted libraw 0.16.0-9+deb8u3 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Matteo F. Vescovi)
[2017-08-22] Accepted libraw 0.17.2-6+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Luciano Bello)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.19.2-2
1 bug

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing