Register | Log in

libraw

Choose email to subscribe with

general

source: libraw (main)
version: 0.19.0-4
maintainer: Debian PhotoTools Maintainers (archive) [DMD]
uploaders: Matteo F. Vescovi [DMD]
arch: all any
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.14.6-2+deb7u1
o-o-sec: 0.14.6-2+deb7u3
oldstable: 0.16.0-9+deb8u3
old-sec: 0.16.0-9+deb8u3
stable: 0.17.2-6+deb9u1
stable-sec: 0.17.2-6+deb9u1
testing: 0.19.0-4
unstable: 0.19.0-4

versioned links

0.14.6-2+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.14.6-2+deb7u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.16.0-9+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.17.2-6+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.0-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libraw-bin
libraw-dev
libraw-doc
libraw19

action needed

19 ignored security issues in jessie low

There are 19 open security issues in jessie.

19 issues skipped by the security teams:

CVE-2017-16910:
CVE-2018-5805:
CVE-2018-5802:
CVE-2018-5812:
CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2018-5810:
CVE-2018-5800:
CVE-2018-10528: An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
CVE-2018-5813:
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2018-5811:
CVE-2017-16909:
CVE-2018-5801:
CVE-2018-5807:
CVE-2018-5815:
CVE-2018-5806:
CVE-2018-10529: An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
CVE-2018-5804:
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

Please fix them.

Created: 2017-09-05 Last update: 2018-11-12 08:03

20 ignored security issues in stretch low

There are 20 open security issues in stretch.

20 issues skipped by the security teams:

CVE-2017-16910:
CVE-2018-5805:
CVE-2018-5802:
CVE-2018-5812:
CVE-2017-14608: In LibRaw through 0.18.4, an out of bounds read flaw related to kodak_65000_load_raw has been reported in dcraw/dcraw.c and internal/dcraw_common.cpp. An attacker could possibly exploit this flaw to disclose potentially sensitive memory or cause an application crash.
CVE-2018-5810:
CVE-2018-5800:
CVE-2018-10528: An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
CVE-2017-14348: LibRaw before 0.18.4 has a heap-based Buffer Overflow in the processCanonCameraInfo function via a crafted file.
CVE-2018-5813:
CVE-2017-13735: There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
CVE-2018-5811:
CVE-2017-16909:
CVE-2018-5801:
CVE-2018-5807:
CVE-2018-5815:
CVE-2018-5806:
CVE-2018-10529: An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
CVE-2018-5804:
CVE-2017-14265: A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.

Please fix them.

Created: 2017-09-05 Last update: 2018-11-12 08:03

news

[2018-11-12] libraw 0.19.0-4 MIGRATED to testing (Debian testing watch)
[2018-11-09] Accepted libraw 0.19.0-4 (source) into unstable (Matteo F. Vescovi)
[2018-08-31] libraw 0.19.0-3 MIGRATED to testing (Debian testing watch)
[2018-08-28] Accepted libraw 0.19.0-3 (source) into unstable (Matteo F. Vescovi)
[2018-07-26] Accepted libraw 0.19.0-2 (source) into experimental (Matteo F. Vescovi)
[2018-07-23] Accepted libraw 0.19.0-1 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
[2018-07-16] libraw 0.18.13-1 MIGRATED to testing (Debian testing watch)
[2018-07-12] Accepted libraw 0.18.13-1 (source) into unstable (Matteo F. Vescovi)
[2018-06-01] libraw 0.18.11-1 MIGRATED to testing (Debian testing watch)
[2018-05-29] Accepted libraw 0.18.11-1 (source) into unstable (Matteo F. Vescovi)
[2018-03-12] libraw 0.18.8-2 MIGRATED to testing (Debian testing watch)
[2018-03-06] Accepted libraw 0.18.8-2 (source) into unstable (Matteo F. Vescovi)
[2018-03-04] Accepted libraw 0.18.8-1 (source) into unstable (Matteo F. Vescovi)
[2018-01-30] libraw 0.18.7-2 MIGRATED to testing (Debian testing watch)
[2018-01-24] Accepted libraw 0.18.7-2 (source) into unstable (Matteo F. Vescovi) (signed by: Mattia Rizzolo)
[2018-01-22] Accepted libraw 0.18.7-1 (source) into unstable (Matteo F. Vescovi) (signed by: Mattia Rizzolo)
[2018-01-13] libraw 0.18.6-1 MIGRATED to testing (Debian testing watch)
[2018-01-07] Accepted libraw 0.18.6-1 (source) into unstable (Matteo F. Vescovi) (signed by: Mattia Rizzolo)
[2017-10-12] libraw 0.18.5-1 MIGRATED to testing (Debian testing watch)
[2017-10-06] Accepted libraw 0.18.5-1 (source) into unstable (Matteo F. Vescovi)
[2017-09-24] Accepted libraw 0.14.6-2+deb7u3 (source amd64 all) into oldoldstable (Thorsten Alteholz)
[2017-08-22] Accepted libraw 0.16.0-9+deb8u3 (source amd64 all) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Matteo F. Vescovi)
[2017-08-22] Accepted libraw 0.17.2-6+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Luciano Bello)
[2017-08-14] Accepted libraw 0.14.6-2+deb7u2 (source amd64 all) into oldoldstable (Emilio Pozuelo Monfort)
[2017-06-29] libraw 0.18.2-2 MIGRATED to testing (Debian testing watch)
[2017-06-22] Accepted libraw 0.18.2-2 (source) into unstable (Matteo F. Vescovi)
[2017-03-25] Accepted libraw 0.18.2-1 (source) into experimental (Matteo F. Vescovi)
[2017-03-03] Accepted libraw 0.18.1-1 (source) into experimental (Matteo F. Vescovi)
[2017-01-10] Accepted libraw 0.18.0-1 (source amd64 all) into experimental, experimental (Matteo F. Vescovi)
[2016-08-31] libraw 0.17.2-6 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.18.13-1
2 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing