It was found that the phase_one_correct function does not handle memory object’s initialization correctly, which may have unspecified impact.
It was found that the smal_decode_segment function does not handle index carefully, which may cause index overflow.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Version bumped in tree that should fix this security issue. I'd say let's wait for a day or two before stabilizing.
No reported regressions so far, so I guess it should be okay to stabilize media-libs/libraw-0.17.1
please test and mark stable: =media-libs/libraw-0.17.2
Stable on alpha.
Stable for HPPA.
Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Vulnerable versions removed.
GLSA request filed.
This issue was resolved and addressed in GLSA 201701-60 at https://security.gentoo.org/glsa/201701-60 by GLSA coordinator Aaron Bauman (b-man).