[Git][security-tracker-team/security-tracker][master] libraw buster DLA-3113-1 issued

Helmut Grohne (@helmutg) helmutg at debian.org
Fri Sep 16 11:30:36 BST 2022



Helmut Grohne pushed to branch master at Debian Security Tracker / security-tracker


Commits:
acfccc61 by Helmut Grohne at 2022-09-16T12:29:24+02:00
libraw buster DLA-3113-1 issued

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -126025,30 +126025,38 @@ CVE-2020-35536 (In gcc, an internal compiler error in match_reload function at l
 	TODO: check
 CVE-2020-35535 (In LibRaw, there is an out-of-bounds read vulnerability within the "Li ...)
 	- libraw 0.20.0-4
+	[buster] - libraw <not-affected> (sonySR2 decoder added later)
+	[stretch] - libraw <not-affected> (sonySR2 decoder added later)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/283
 	NOTE: https://github.com/LibRaw/LibRaw/commit/c243f4539233053466c1309bde606815351bee81 (0.20-RC2)
 CVE-2020-35534 (In LibRaw, there is a memory corruption vulnerability within the "crxF ...)
 	- libraw 0.20.0-4
+	[buster] - libraw <not-affected> (Canon CR3 decoder added later)
+	[stretch] - libraw <not-affected> (Canon CR3 decoder added later)
 	NOTE: https://github.com/LibRaw/LibRaw/commit/e41f331e90b383e3208cefb74e006df44bf3a4b8 (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/279
 CVE-2020-35533 (In LibRaw, an out-of-bounds read vulnerability exists within the "LibR ...)
 	{DLA-3113-1}
 	- libraw 0.20.0-4
+	[buster] - libraw 0.19.2-2+deb10u1
 	NOTE: https://github.com/LibRaw/LibRaw/commit/a6937d4046a7c4742b683a04c8564605fd9be4fb (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/273
 CVE-2020-35532 (In LibRaw, an out-of-bounds read vulnerability exists within the "simp ...)
 	{DLA-3113-1}
 	- libraw 0.20.0-4
+	[buster] - libraw 0.19.2-2+deb10u1
 	NOTE: https://github.com/LibRaw/LibRaw/commit/5ab45b085898e379fedc6b113e2e82a890602b1e (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/271
 CVE-2020-35531 (In LibRaw, an out-of-bounds read vulnerability exists within the get_h ...)
 	{DLA-3113-1}
 	- libraw 0.20.0-4
+	[buster] - libraw 0.19.2-2+deb10u1
 	NOTE: https://github.com/LibRaw/LibRaw/commit/d75af00681a74dcc8b929207eb895611a6eceb68 (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/270
 CVE-2020-35530 (In LibRaw, there is an out-of-bounds write vulnerability within the "n ...)
 	{DLA-3113-1}
 	- libraw 0.20.0-4
+	[buster] - libraw 0.19.2-2+deb10u1
 	NOTE: https://github.com/LibRaw/LibRaw/commit/11c4db253ef2c9bb44247b578f5caa57c66a1eeb (0.20-RC2)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/272
 CVE-2020-35529


=====================================
data/dla-needed.txt
=====================================
@@ -69,9 +69,6 @@ kopanocore
   NOTE: 20220801: Programming language: C++.
   NOTE: 20220811: Proposed a patch to CVE-2022-26562 (#1016973)
 --
-libraw (Helmut Grohne)
-  NOTE: 20220904: Programming language: C++.
---
 linux (Ben Hutchings)
 --
 mako



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acfccc6158c3d493c7d3b4132f852f570a0a0df5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/acfccc6158c3d493c7d3b4132f852f570a0a0df5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220916/196e5738/attachment.htm>


More information about the debian-security-tracker-commits mailing list