Your message dated Thu, 24 Apr 2025 08:35:59 +0000
with message-id <e1u7s3r-00gvs6...@fasolo.debian.org>
and subject line Bug#1103783: fixed in libraw 0.21.4-1
has caused the Debian Bug report #1103783,
regarding libraw: CVE-2025-43964
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1103783: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103783
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libraw
Version: 0.21.3-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for libraw.
CVE-2025-43964[0]:
| In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct
| in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1
| values.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-43964
https://www.cve.org/CVERecord?id=CVE-2025-43964
[1] https://github.com/LibRaw/LibRaw/commit/a50dc3f1127d2e37a9b39f57ad9bb2ebb60f18c0
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libraw
Source-Version: 0.21.4-1
Done: xiao sheng wen <atzli...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libraw, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1103...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
xiao sheng wen <atzli...@debian.org> (supplier of updated libraw package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 24 Apr 2025 15:55:00 +0800
Source: libraw
Architecture: source
Version: 0.21.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-de...@lists.alioth.debian.org>
Changed-By: xiao sheng wen <atzli...@debian.org>
Closes: 1103781 1103782 1103783
Changes:
 libraw (0.21.4-1) unstable; urgency=medium
 .
   * Team upload.
   * New upstream version 0.21.4
     This minor release fixes the following security issues:
     - CVE-2025-43961 - CVE-2025-43962 Closes: #1103781
     - CVE-2025-43963 Closes: #1103782
     - CVE-2025-43964 Closes: #1103783
   * d/control: Build-Depends delete dpkg-dev (>= 1.22.5), not needed
   * Bump Standards-Version: 4.7.2
   * d/copyright:
     - update year info
     - fix old-fsf-address-in-copyright-file
   * update d/libraw23t64.lintian-overrides
   * d/libraw23t64.symbols:
     - add * Build-Depends-Package: libraw-dev
     - add some symbols already exist in 0.21.3
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---