Register | Log in

libraw

Choose email to subscribe with

general

source: libraw (main)
version: 0.21.4-2
maintainer: Debian PhotoTools Maintainers (archive) (DMD)
uploaders: Matteo F. Vescovi [DMD]
arch: all any
std-ver: 4.7.2
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.19.2-2
o-o-sec: 0.19.2-2+deb10u4
oldstable: 0.20.2-1+deb11u1
old-sec: 0.20.2-1+deb11u2
stable: 0.20.2-2.1
testing: 0.21.3-1
unstable: 0.21.4-2

versioned links

0.19.2-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.19.2-2+deb10u4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.20.2-1+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.20.2-1+deb11u2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.20.2-2.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.21.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.21.4-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libraw-bin
libraw-dev
libraw-doc
libraw23t64

action needed

4 security issues in trixie high

There are 4 open security issues in trixie.

4 important issues:

CVE-2025-43961: In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
CVE-2025-43962: In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
CVE-2025-43963: In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
CVE-2025-43964: In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

Created: 2025-04-21 Last update: 2025-04-29 15:05

lintian reports 2 errors and 11 warnings high

Lintian reports 2 errors and 11 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2024-03-01 Last update: 2025-04-25 03:30

4 low-priority security issues in bookworm low

There are 4 open security issues in bookworm.

4 issues left for the package maintainer to handle:

CVE-2025-43961: (needs triaging) In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser.
CVE-2025-43962: (needs triaging) In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations.
CVE-2025-43963: (needs triaging) In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing.
CVE-2025-43964: (needs triaging) In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.

You can find information about how to handle these issues in the security team's documentation.

Created: 2025-04-21 Last update: 2025-04-29 15:05

testing migrations

excuses:
- Migration status for libraw (0.21.3-1 to 0.21.4-2): Waiting for test results or another package, or too young (no action required now - check later)
- Issues preventing migration:
- ∙ ∙ Too young, only 9 of 10 days old
- Additional info:
- ∙ ∙ Piuparts tested OK - https://piuparts.debian.org/sid/source/libr/libraw.html
- ∙ ∙ autopkgtest for libraw/0.21.4-2: amd64: Pass, arm64: Pass, armel: Pass, armhf: Pass, i386: Pass, ppc64el: Pass, riscv64: Pass, s390x: Pass
- ∙ ∙ Reproducible on amd64 - info ♻
- ∙ ∙ Reproducible on arm64 - info ♻
- ∙ ∙ Waiting for reproducibility test results on armhf - info ♻
- ∙ ∙ Reproducible on i386 - info ♻
- Not considered

news

[2025-04-29] Accepted libraw 0.20.2-1+deb11u2 (source) into oldstable-security (Andreas Henriksson)
[2025-04-24] Accepted libraw 0.21.4-2 (source) into unstable (xiao sheng wen)
[2025-04-24] Accepted libraw 0.21.4-1 (source) into unstable (xiao sheng wen)
[2024-10-27] libraw 0.21.3-1 MIGRATED to testing (Debian testing watch)
[2024-10-24] Accepted libraw 0.21.3-1 (source) into unstable (Matteo F. Vescovi)
[2024-04-24] libraw 0.21.2-2.1 MIGRATED to testing (Debian testing watch)
[2024-02-28] Accepted libraw 0.21.2-2.1 (source) into unstable (Benjamin Drung)
[2024-02-02] Accepted libraw 0.21.2-2.1~exp1 (source) into experimental (Steve Langasek)
[2024-01-19] libraw 0.21.2-2 MIGRATED to testing (Debian testing watch)
[2024-01-17] Accepted libraw 0.21.2-2 (source) into unstable (Gianfranco Costamagna)
[2024-01-17] libraw 0.21.2-1 MIGRATED to testing (Debian testing watch)
[2024-01-14] Accepted libraw 0.21.2-1 (source) into unstable (Matteo F. Vescovi)
[2023-09-10] Accepted libraw 0.19.2-2+deb10u4 (source) into oldoldstable (Guilhem Moulin)
[2023-07-26] libraw 0.21.1-7 MIGRATED to testing (Debian testing watch)
[2023-07-24] Accepted libraw 0.21.1-7 (source) into unstable (Matteo F. Vescovi)
[2023-07-22] Accepted libraw 0.21.1-6 (source) into unstable (Matteo F. Vescovi)
[2023-07-18] Accepted libraw 0.21.1-5 (source) into unstable (Matteo F. Vescovi)
[2023-07-17] libraw 0.21.1-4 MIGRATED to testing (Debian testing watch)
[2023-07-02] Accepted libraw 0.21.1-4 (source) into unstable (Matteo F. Vescovi)
[2023-05-29] Accepted libraw 0.20.2-1+deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2023-05-27] Accepted libraw 0.20.2-1+deb11u1 (source) into stable-security (Debian FTP Masters) (signed by: Salvatore Bonaccorso)
[2023-05-27] Accepted libraw 0.19.2-2+deb10u3 (source) into oldstable (Guilhem Moulin)
[2023-05-24] libraw 0.20.2-2.1 MIGRATED to testing (Debian testing watch)
[2023-05-21] Accepted libraw 0.20.2-2.1 (source) into unstable (Salvatore Bonaccorso)
[2023-03-01] Accepted libraw 0.21.1-3 (source) into experimental (Matteo F. Vescovi)
[2023-02-27] Accepted libraw 0.21.1-2 (source) into experimental (Matteo F. Vescovi)
[2023-01-24] Accepted libraw 0.21.1-1 (source amd64 all) into experimental (Debian FTP Masters) (signed by: Matteo F. Vescovi)
[2022-11-30] Accepted libraw 0.19.2-2+deb10u2 (source) into oldstable (Helmut Grohne)
[2022-09-16] Accepted libraw 0.19.2-2+deb10u1 (source) into oldstable (Helmut Grohne)
[2022-01-29] Accepted libraw 0.17.2-6+deb9u2 (source) into oldoldstable (Abhijith PA)

1
2

bugs [bug history graph]

all: 0

links

homepage
lintian (2, 11)
buildd: logs, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.21.4-2

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing