s-pu upload to fix no-dsa security issues in libraw

Guilhem Moulin guilhem at debian.org
Fri May 23 12:54:25 BST 2025


On Sun, 18 May 2025 at 14:09:26 +0200, Guilhem Moulin wrote:
> While working on an upload for buster ELTS I noticed the version of
> src:libraw currently found in bookworm is vulnerable to CVE-2025-4396[1-4]
> (marked no-dsa by the security team) [0].  The issues are already fixed
> in trixie and bullseye-security so it makes sense to fix them in
> bookworm as well.
>
> The upstream patches trivially apply to 0.20.2-2.1.  I attach a tested
> debdiff; individual commits and tag can be found on the LTS team fork [1].
>
> Unless you object I'll file a bookworm-pu bug with these changes.

Filed the -pu bug now: #1106358.

-- 
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-phototools-devel/attachments/20250523/33f0c9a0/attachment.sig>


More information about the Pkg-phototools-devel mailing list