Control: tags -1 + confirmed On Sat, 2013-10-19 at 23:12 -0300, David Bremner wrote: > I have prepared a targeted upload which closes two CVEs. > > These are relatively mild security bugs in the embedded copy of libraw > (which cannot be trivially removed, alas). > > A debdiff is attached. I believe the risk of the update is relatively > low, since according to darktable upstream only a few code paths > actually use libraw. On the other hand, I did have to monkey with the > patch a bit by hand to get it to apply, since libraw upstream provided > a patch against a later version.
Assuming the patch has been tested on a stable system, please go ahead; thanks. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
