CVE-2017-13735 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735): There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. References: https://bugzilla.redhat.com/show_bug.cgi?id=1483988
Fixed in 0.18.3 now in the tree, feel free to start stabilization.
@Arches please test and mark stable. @Maintainers could you please confirm if SLOT 0/15 is vulnerable? @Security please add CVE to database. Gentoo Security Padawan ChrisADR
A new vulnerability is stopping this stabilization, please refer to bug 630842. Gentoo Security Padawan ChrisADR
ia64 stable
An automated check of this bug failed - the following atom is unknown: media-libs/libraw-0.18.3 Please verify the atom list.
Version 0.18.3 has been dropped from the tree. The issue has been fixed in version 0.18.4 as stated in the changelog:
    2017-09-09 Alex Tutubalin <lexa@lexa.ru>
    * Fix for CVE-2017-13735
Stabilization has also occurred in bug 630842.
An automated check of this bug succeeded - the previous repoman errors are now resolved.
ppc64 stable
GLSA Vote: No