"A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution."
"libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp, which may result in context-dependent arbitrary code execution."
I'm not even sure if 24890 is valid given "This is compiler error[...]" and the same patch gets linked both times.
But the first one seems to be, so is it ready to stable if you agree the second one is invalid?
Unable to check for sanity:
> no match for package: media-libs/libraw-20.0
all arches done