[Git][security-tracker-team/security-tracker][master] Track fixes for libraw via unstable
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon May 11 13:37:37 BST 2026
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
31e092ab by Salvatore Bonaccorso at 2026-05-11T14:37:12+02:00
Track fixes for libraw via unstable
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20070,11 +20070,11 @@ CVE-2026-27315 (Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allo
CVE-2026-27314 (Privilege escalationin Apache Cassandra 5.0 on an mTLS environment usi ...)
- cassandra <itp> (bug #585905)
CVE-2026-24660 (A heap-based buffer overflow vulnerability exists in the x3f_load_huff ...)
- - libraw <unfixed> (bug #1133845)
+ - libraw 0.22.1-1 (bug #1133845)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359
NOTE: https://github.com/LibRaw/LibRaw/commit/a4a0ab69d286c7638741e70a11f04fb3d7b49db2
CVE-2026-24450 (An integer overflow vulnerability exists in the uncompressed_fp_dng_lo ...)
- - libraw <unfixed> (bug #1133845)
+ - libraw 0.22.1-1 (bug #1133845)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363
NOTE: https://github.com/LibRaw/LibRaw/commit/a58727c1a3cfef4101700e546a6a661c6a299d97
CVE-2026-24175 (NVIDIA Triton Inference Server contains a vulnerability where an attac ...)
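Review bot: The upstream commit NOTEs under CVE-2026-24660 and CVE-2026-24450 do not say which upstream release contains those commits, so the new fixed version 0.22.1-1 cannot be checked from the entry alone. Consider writing them in the form already used under CVE-2026-5318 in this same patch, "NOTE: Fixed by: <commit URL>", with the upstream release that first includes the commit appended in parentheses.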
@@ -20106,19 +20106,19 @@ CVE-2026-22679 (Weaver (Fanwei) E-cology 10.0 versions prior to20260312 contain
CVE-2026-22666 (Dolibarr ERP/CRM versions prior to 23.0.2 contain an authenticated rem ...)
- dolibarr <removed>
CVE-2026-21413 (A heap-based buffer overflow vulnerability exists in the lossless_jpeg ...)
- - libraw <unfixed> (bug #1133845)
+ - libraw 0.22.1-1 (bug #1133845)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331
NOTE: https://github.com/LibRaw/LibRaw/commit/32c7b783de262f21fa5e3f58a59031edf23ab3cb
CVE-2026-20911 (A heap-based buffer overflow vulnerability exists in the HuffTable::in ...)
- - libraw <unfixed> (bug #1133845)
+ - libraw 0.22.1-1 (bug #1133845)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330
NOTE: https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
CVE-2026-20889 (A heap-based buffer overflow vulnerability exists in the x3f_thumb_loa ...)
- - libraw <unfixed> (bug #1133845)
+ - libraw 0.22.1-1 (bug #1133845)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358
NOTE: https://github.com/LibRaw/LibRaw/commit/657b68d20456eaeb9639976f328827195ff41383
CVE-2026-20884 (An integer overflow vulnerability exists in the deflate_dng_load_raw f ...)
- - libraw <unfixed> (bug #1133845)
+ - libraw 0.22.1-1 (bug #1133845)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364
NOTE: https://github.com/LibRaw/LibRaw/commit/39873163faa29ed5dfc3bb5aab1b46ed807b210f
CVE-2026-1079 (A native messaging host vulnerability in Pega Browser Extension (PBE) ...)
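Review bot: CVE-2026-21413, CVE-2026-20911, CVE-2026-20889 and CVE-2026-20884 now carry a fixed version for unstable but no per-release lines, unlike CVE-2026-5342 in this patch, which has [trixie], [bookworm] and [bullseye] annotations. Three of the four are described as heap-based buffer overflows, so it would help to record the triage decision for the stable suites next to this change, or add a NOTE saying that triage is still pending.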
@@ -22132,7 +22132,7 @@ CVE-2026-5346 (A vulnerability was determined in huimeicloud hm_editor up to 2.2
CVE-2026-5344 (A security vulnerability has been detected in Textpattern up to 4.9.1. ...)
- textpattern <removed>
CVE-2026-5342 (A flaw has been found in LibRaw up to 0.22.0. This affects the functio ...)
- - libraw <unfixed> (bug #1132655)
+ - libraw 0.22.1-1 (bug #1132655)
[trixie] - libraw <no-dsa> (Minor issue)
[bookworm] - libraw <no-dsa> (Minor issue)
[bullseye] - libraw <postponed> (Minor issue)
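Review bot: The per-release lines under CVE-2026-5342 are left as they were, "[trixie] - libraw <no-dsa> (Minor issue)", the same for [bookworm], and "<postponed>" for [bullseye], while unstable moves to 0.22.1-1. Now that a fixed upload exists for bug #1132655, it is worth confirming that these states still reflect the plan for the stable suites, for example if the fix is a candidate for a point release.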
@@ -22722,7 +22722,7 @@ CVE-2026-5320 (A vulnerability was detected in vanna-ai vanna up to 2.0.2. Affec
CVE-2026-5319 (A security vulnerability has been detected in itsourcecode Payroll Man ...)
NOT-FOR-US: itsourcecode System
CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This impacts th ...)
- - libraw <unfixed> (bug #1132655)
+ - libraw 0.22.1-1 (bug #1132655)
NOTE: https://github.com/LibRaw/LibRaw/issues/794
NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. This a ...)
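Review bot: The "Fixed by" commit under CVE-2026-5318 (a6734e867b19d75367c05f872ac26322464e3995) is the same upstream commit listed under CVE-2026-20911 earlier in this patch, yet the two entries are tracked under different bugs (#1132655 here, #1133845 there). If both CVEs describe the same defect, a cross-referencing NOTE on each entry would make that explicit; if they are distinct issues fixed by one commit, a short NOTE saying so would prevent one of them from later being treated as a duplicate.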
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31e092ab1c4f2205bca95d5a2acc7c3f65b5d237