Summary: | <media-gfx/rawtherapee-4.2-r1: input sanitization errors (CVE-2015-3885) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | graphics+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2015/05/11/4 | ||
Whiteboard: | ~2 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-05-13 07:24:06 UTC
No rdeps. Please consider for tree cleaning. CVE-2015-3885 (vulnerability in dcraw) was fixed by upstream in dcraw-9.26.0, see bug 549336. Upstream updated to dcraw-9.27 via https://github.com/Beep6581/RawTherapee/commit/18243db5bafb63595fd561c89a7b7676483ef843 but didn't tagged a release yet. Because upstream seems to be alive I requested a new release, see https://github.com/Beep6581/RawTherapee/issues/3521 This bug is obsolete. Can be closed. (In reply to DrSlony from comment #3) > This bug is obsolete. Can be closed. why is it obsolete? @maintainer(s), please clean the vulnerable versions. tree is clean. |