| Summary: | <media-libs/libraw-0.15.4 : two Denial of Service (CVE-2013-{1438,1439}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | graphics+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2013/08/29/3 | | |
| Whiteboard: | B3 [glsa] | | |
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | | | |
| Bug Blocks: | 481910 | | |

Description
Agostino Sarubbo
2013-08-29 14:09:39 UTC
Arches, please stabilize: =media-libs/libraw-0.15.4

no stable keywords for alpha/arm/ia64/sparc, why did you CC it?

um. I'm looking at bug 482544 and Pacho's comment. CC arches back, sorry

amd64/ppc/ppc64/x86 stable

arm stable

sparc stable

alpha stable

GLSA vote: yes

we already have draft for libraw

GLSA vote: yes, added to GLSA draft.

@maintainers: cleanup please.

Maintainer timeout: vulnerable versions are removed from tree

This issue was resolved and addressed in GLSA 201309-09 at http://security.gentoo.org/glsa/glsa-201309-09.xml by GLSA coordinator Chris Reffett (creffett).

CVE-2013-1439 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1439): The "faster LJPEG decoder" in libraw 0.13.x, 0.14.x, and 0.15.x before 0.15.4 allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted photo file.