Source: libraw
Severity: important
Tags: security
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: retitle -1 CVE-2013-1438: libraw: multiple vulnerabilities
Control: retitle -2 CVE-2013-1438: dcraw: multiple vulnerabilities
Control reassign -2 dcraw
Control: retitle -3 CVE-2013-1438: darktable: multiple vulnerabilities
Control reassign -3 darktable
Control: retitle -4 CVE-2013-1438: ufraw: multiple vulnerabilities
Control reassign -4 ufraw
Control: retitle -5 CVE-2013-1438: xbmc: multiple vulnerabilities
Control reassign -5 src:xbmc
Control: retitle -6 CVE-2013-1438: exactimage: multiple vulnerabilities
Control reassign -6 exactimage
Control: retitle -7 CVE-2013-1438: rawstudio: multiple vulnerabilities
Control reassign -7 rawstudio
Control: retitle -8 CVE-2013-1438: rawtherapee: multiple vulnerabilities
Control reassign -8 rawtherapee
Control: retitle -9 CVE-2013-1438: libkdcraw: multiple vulnerabilities
Control reassign -9 libkdcraw

Hi,

I found a few vulnerabilities in dcraw and they are all covered by the CVE-2013-1438 id:
"Specially crafted photo files may trigger a division by zero, an infinite loop, or a null pointer dereference."

Alex Tutubalin, libraw upstream, has patched the vulnerabilities in libraw and the patches should apply as-is to the vast majority of embedders.

For the details:
http://www.openwall.com/lists/oss-security/2013/08/29/3

Please include the CVE id when fixing these vulnerabilities and consider fixing them in old/stable via a {O,}SPU by following standard procedures for stable release updates.

P.S. yes, the above Control list is annoying, but so is having so many copies of the same code base in the archive.

Thanks,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net