LibRAW is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities. 2. A heap-based buffer-overflow vulnerability. An attacker can exploit these issues to cause denial-of-service conditions. LibRaw version 0.19.1 is vulnerable.
Maintainer(s), please advise if the current stabilization of bug #641648, solves this problem.
Arches please stabilise.
amd64 stable
ia64 stable
Looking good on ppc64. rdep failing: media-libs/gegl (bug #686202) # cat libraw-673740.report USE tests started on Mo 15. Jul 16:03:24 CEST 2019 FEATURES=' test' USE='' succeeded for =media-libs/libraw-0.19.3 USE='-examples -jpeg -lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples jpeg -lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples jpeg -lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples -jpeg lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples -jpeg lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples jpeg lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples -jpeg -lcms openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples -jpeg -lcms openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples jpeg -lcms openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples jpeg -lcms openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples -jpeg lcms openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples -jpeg lcms openmp' succeeded for =media-libs/libraw-0.19.3 revdep tests started on Mo 15. Jul 16:27:46 CEST 2019 FEATURES=' test' USE='raw' succeeded for media-gfx/imagemagick USE='raw' FEATURES=' test' failed for media-libs/gegl
Looking good on ppc. rdep failing: media-libs/gegl (bug #686202) # cat libraw-673740.report USE tests started on Di 16. Jul 10:04:44 CEST 2019 FEATURES=' test' USE='' succeeded for =media-libs/libraw-0.19.3 USE='-examples -jpeg -lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples -jpeg -lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples jpeg -lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples jpeg -lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples -jpeg lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples -jpeg lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples jpeg lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples jpeg lcms -openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples -jpeg -lcms openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples -jpeg lcms openmp' succeeded for =media-libs/libraw-0.19.3 USE='-examples jpeg lcms openmp' succeeded for =media-libs/libraw-0.19.3 USE='examples jpeg lcms openmp' succeeded for =media-libs/libraw-0.19.3 revdep tests started on Di 16. Jul 12:36:44 CEST 2019 FEATURES=' test' USE='raw' succeeded for media-gfx/imagemagick USE='raw' FEATURES=' test' failed for media-libs/gegl
x86 stable
ppc stable
ppc64 stable
alpha stable
arm64 stable
arm stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f81b99e85368d4162d8e25da47e839247aa843a commit 9f81b99e85368d4162d8e25da47e839247aa843a Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2019-07-28 11:18:47 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2019-07-28 11:23:31 +0000 media-libs/libraw: Security cleanup Bug: https://bugs.gentoo.org/673740 Closes: https://bugs.gentoo.org/679512 Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-libs/libraw/Manifest | 4 -- media-libs/libraw/libraw-0.18.13.ebuild | 66 --------------------------------- media-libs/libraw/libraw-0.19.2.ebuild | 61 ------------------------------ media-libs/libraw/metadata.xml | 3 -- 4 files changed, 134 deletions(-)