[Pkg-phototools-devel] Bug#711316: Bug#711316: Bug#711316: Bug#711316: darktable: CVE-2013-2126: double free

David Bremner bremner at debian.org
Thu Jun 13 02:03:13 UTC 2013


David Bremner <bremner at debian.org> writes:
>
> Darktable upstream just cherry picked that to their current release
> branches. I don't know yet if the same patch applies to the version in
> wheezy.

And indeed it does not apply. I _think_ this is good news, as my reading
of upstream git is that the embedded libraw is version 0.13..  The
output from "git log -- src/external/LibRaw" is at the end of this message.

Since the vulnerability is only claimed to be in 0.14 and 0.15, this
sounds like no stable update is needed for this bug.

----------

commit f5ebf087163eaf85dc93c6db730d635732085150
Author: John Sheu <john.sheu+darktable at gmail.com>
Date:   Wed Mar 28 21:03:47 2012 +1300

    temporary fix for compile warnings while waiting for new libraw.

commit 9ad61751c0c5294cdc864d8e1ace6ce8edb3d3d1
Author: johannes hanika <hanatos at gmail.com>
Date:   Sat Mar 10 12:36:43 2012 +1300

    Revert "updated libraw to 0.14.5"
    
    seems it doesn't read the camera white balance anymore for dng files.
    This reverts commit 6287dc7a4e64cbb5c8624f23571531395a1b6342.
    
    Conflicts:
    
    	src/external/LibRaw/internal/dcraw_common.cpp

commit af6aa6ba2b30a9dd669f5bf10ad1743bd7a125ab
Author: James C. McPherson <jmcp at jmcp.homeunix.com>
Date:   Wed Mar 7 07:51:01 2012 +1000

    Update build.sh to provide easier build experience for Solaris 11 Add <unistd.h> and XOPEN_SOURCE=600 where necessary for Solaris 11

commit 6287dc7a4e64cbb5c8624f23571531395a1b6342
Author: johannes hanika <hanatos at gmail.com>
Date:   Sun Mar 4 22:15:48 2012 +1300

    updated libraw to 0.14.5

commit 223dbde60e79f1c65ecf23b307fb032f177c25c3
Author: Ammon Riley <ammon.riley at gmail.com>
Date:   Thu Feb 23 21:51:17 2012 -0800

    Added include for strncasecmp on OSX

commit 6b9fff147ddbfa411dab066835533b3f69fb9b79
Author: Edward Herr <edward.herr at amphigory.org>
Date:   Sun Jan 22 15:16:10 2012 +0100

    Add support for Panasonic DMC-GX1

commit 29456890c1dbbcab599472164eab9472b5108b5d
Author: Henrik Andersson <hean01 at users.sourceforge.net>
Date:   Tue Sep 20 22:19:33 2011 +0200

    Update LibRaw to latest stable 0.13.8.

commit 47c45d349984db24248d6e2e128838dfd5410f65
Author: Henrik Andersson <hean01 at users.sourceforge.net>
Date:   Tue Sep 20 22:07:02 2011 +0200

    Reveresed the LibRaw upgrade to 0.14 beta, lets redo with latest
    stable version.

commit e065e85a555c0f121770f6cc8888acf41d29b2a4
Author: Henrik Andersson <hean01 at users.sourceforge.net>
Date:   Mon Sep 19 22:14:04 2011 +0200

    2 files lost from previous commit :)

commit f0bd87bbb79382843981aa745e686b22d5d1dea0
Author: Henrik Andersson <hean01 at users.sourceforge.net>
Date:   Mon Sep 19 21:53:05 2011 +0200

    Updated libraw to 0.14b2 fixes the problem of reading
    of wb color multilpiers from Sony NEX-5 raw images.

commit db50fb99e0dff272555f6e6d8b2eaf6499e14992
Author: Henrik Andersson <hean01 at users.sourceforge.net>
Date:   Sun Jul 24 19:13:03 2011 +0200

    Moved LibRaw and rawspeed into external and update buildfiles..



More information about the Pkg-phototools-devel mailing list