CVE-2018-10528 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10528): An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer overflow in the utf2char function in libraw_cxx.cpp.
  https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
  https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10529 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10529): An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds read affecting the X3F property table list implementation in libraw_x3f.cpp and libraw_cxx.cpp.
  https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
  https://github.com/LibRaw/LibRaw/issues/144
Upstream states "[fix]To be reflected in Changelog on 0.18.10 release"
Update: LibRaw 0.18.11 (update: was 0.18.3...0.18.10) https://www.libraw.org/news/libraw-0-18-11
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=60f04b5bbe482a9bfa026b7c1d49df2e13ee3ff4
commit 60f04b5bbe482a9bfa026b7c1d49df2e13ee3ff4
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2018-05-22 14:16:30 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2018-05-22 14:32:22 +0000
    media-libs/libraw: Bump to version 0.18.11
    Bug: https://bugs.gentoo.org/654376
    Closes: https://bugs.gentoo.org/655144
    Package-Manager: Portage-2.3.38, Repoman-2.3.9
 media-libs/libraw/Manifest | 1 +
 media-libs/libraw/libraw-0.18.11.ebuild | 66 +++++++++++++++++++++++++++++++++
 2 files changed, 67 insertions(+)
Arches, go ahead.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0dfc7b064706870f676e1f69642d77e668ed6e4d
commit 0dfc7b064706870f676e1f69642d77e668ed6e4d
Author:     Agostino Sarubbo <ago@gentoo.org>
AuthorDate: 2018-05-23 10:04:36 +0000
Commit:     Agostino Sarubbo <ago@gentoo.org>
CommitDate: 2018-05-23 10:04:36 +0000
    media-libs/libraw: amd64 stable wrt bug #654376
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="amd64"
    Committed-with: The-Ultimate-Committer-0.1
 media-libs/libraw/libraw-0.18.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
amd64 stable
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8ce45ea1c6a29ad3cf1c1bc186b3d41797397a9d
commit 8ce45ea1c6a29ad3cf1c1bc186b3d41797397a9d
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-05-23 19:03:38 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-05-23 19:03:48 +0000
    media-libs/libraw: stable 0.18.11 for ia64, bug #654376
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.38, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"
 media-libs/libraw/libraw-0.18.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
x86 stable
arm stable
Stable on alpha.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f4476a4804dae2a2e7efa271dec893ea3e6f12d
commit 7f4476a4804dae2a2e7efa271dec893ea3e6f12d
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-15 10:00:34 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-15 10:24:32 +0000
    media-libs/libraw: stable 0.18.11 for ppc, bug #654376
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.42, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"
 media-libs/libraw/libraw-0.18.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=30c2784981bd15f85aad3a7de4accadcb58cf786
commit 30c2784981bd15f85aad3a7de4accadcb58cf786
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-07-15 09:51:19 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-15 10:24:28 +0000
    media-libs/libraw: stable 0.18.11 for ppc64, bug #654376
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.42, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"
 media-libs/libraw/libraw-0.18.11.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=11672b476e8d21c6485b89119a9179d899ccbaab
commit 11672b476e8d21c6485b89119a9179d899ccbaab
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2018-09-14 18:50:24 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2018-09-15 02:30:29 +0000
    media-libs/libraw: Security cleanup
    Bug: https://bugs.gentoo.org/654376
    Package-Manager: Portage-2.3.49, Repoman-2.3.10
 media-libs/libraw/Manifest | 4 --
 .../libraw/files/libraw-0.18.4-glibc-2.27.patch | 14 -----
 media-libs/libraw/libraw-0.18.4.ebuild | 67 ----------------------
 media-libs/libraw/libraw-0.18.8.ebuild | 63 --------------------
 4 files changed, 148 deletions(-)
ping sec.
tree is clean