[Git][security-tracker-team/security-tracker][master] libraw buster DLA-3113-1 issued
Helmut Grohne (@helmutg)
helmutg at debian.org
Fri Sep 16 11:30:36 BST 2022
Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker
Commits:
acfccc61 by Helmut Grohne at 2022-09-16T12:29:24+02:00
libraw buster DLA-3113-1 issued
- - - - -
2 changed files:
- data/CVE/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -126025,30 +126025,38 @@ CVE-2020-35536 (In gcc, an internal compiler error in match_reload function at l
TODO: check
CVE-2020-35535 (In LibRaw, there is an out-of-bounds read vulnerability within the "Li ...)
- libraw 0.20.0-4
+ [buster] - libraw <not-affected> (sonySR2 decoder added later)
+ [stretch] - libraw <not-affected> (sonySR2 decoder added later)
NOTE: https://github.com/LibRaw/LibRaw/issues/283
NOTE: https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81 (0.20-RC2)
CVE-2020-35534 (In LibRaw, there is a memory corruption vulnerability within the "crxF ...)
- libraw 0.20.0-4
+ [buster] - libraw <not-affected> (Canon CR3 decoder added later)
+ [stretch] - libraw <not-affected> (Canon CR3 decoder added later)
NOTE: https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/279
CVE-2020-35533 (In LibRaw, an out-of-bounds read vulnerability exists within the "LibR ...)
{DLA-3113-1}
- libraw 0.20.0-4
+ [buster] - libraw 0.19.2-2+deb10u1
NOTE: https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/273
CVE-2020-35532 (In LibRaw, an out-of-bounds read vulnerability exists within the "simp ...)
{DLA-3113-1}
- libraw 0.20.0-4
+ [buster] - libraw 0.19.2-2+deb10u1
NOTE: https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/271
CVE-2020-35531 (In LibRaw, an out-of-bounds read vulnerability exists within the get_h ...)
{DLA-3113-1}
- libraw 0.20.0-4
+ [buster] - libraw 0.19.2-2+deb10u1
NOTE: https://github.com/LibRaw/LibRaw/commit/d75af00681a74dcc8b929207eb895611a6eceb68 (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/270
CVE-2020-35530 (In LibRaw, there is an out-of-bounds write vulnerability within the "n ...)
{DLA-3113-1}
- libraw 0.20.0-4
+ [buster] - libraw 0.19.2-2+deb10u1
NOTE: https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb (0.20-RC2)
NOTE: https://github.com/LibRaw/LibRaw/issues/272
CVE-2020-35529
=====================================
data/dla-needed.txt
=====================================
@@ -69,9 +69,6 @@ kopanocore
NOTE: 20220801: Programming language: C++.
NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
--
-libraw (Helmut Grohne)
- NOTE: 20220904: Programming language: C++.
---
linux (Ben Hutchings)
--
mako
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acfccc6158c3d493c7d3b4132f852f570a0a0df5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acfccc6158c3d493c7d3b4132f852f570a0a0df5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220916/196e5738/attachment.htm>
More information about the debian-security-tracker-commits
mailing list