[Pkg-phototools-devel] Bug#711316: Bug#711316: Bug#711316: darktable: CVE-2013-2126: double free
David Bremner
bremner at debian.org
Mon Jun 10 11:52:15 UTC 2013
David Bremner <bremner at debian.org> writes:
> I'm not sure yet that the vulnerability occurs in the version of libraw
> embedded in darktable. There is some relevant discussion on the
> darktable developers list
>
> http://article.gmane.org/gmane.comp.graphics.darktable.devel/2628
>
> If nothing else, the proposed patch won't apply, because raw_alloc
> doesn't occur at all in src/External/LibRaw/src/libraw_cxx.cpp
It seems like this might be the backported fix (suggesting there was
indeed a problem to fix).
https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a
Darktable upstream just cherry picked that to their current release
branches. I don't know yet if the same patch applies to the version in
wheezy.
d
More information about the Pkg-phototools-devel
mailing list