-
libraw (0.18.8-1ubuntu0.4) bionic-security; urgency=medium
* SECURITY UPDATE: missing thumbnail size range checks
- debian/patches/CVE-2020-15503.patch: add checks to
libraw/libraw_const.h, src/libraw_cxx.cpp.
- CVE-2020-15503
* SECURITY UPDATE: out-of-bounds write via X3F file
- debian/patches/CVE-2020-35530.patch: check huffman tree size in
internal/libraw_x3f.cpp.
- CVE-2020-35530
* SECURITY UPDATE: out-of-bounds read in get_huffman_diff()
- debian/patches/CVE-2020-35531.patch: check for data offset limit in
internal/libraw_x3f.cpp.
- CVE-2020-35531
* SECURITY UPDATE: out-of-bounds read via a large row_stride field
- debian/patches/CVE-2020-35532.patch: check for data offset limit in
internal/libraw_x3f.cpp.
- CVE-2020-35532
* SECURITY UPDATE: out-of-bounds read in adobe_copy_pixel()
- debian/patches/CVE-2020-35533.patch: more room for ljpeg row in
dcraw/dcraw.c.
- CVE-2020-35533
-- Marc Deslauriers <email address hidden> Fri, 04 Nov 2022 14:02:18 -0400
-
libraw (0.18.8-1ubuntu0.3) bionic-security; urgency=medium
* SECURITY UPDATE: infinite loop issues
- debian/patches/CVE-2018-581x.patch: add more checks to dcraw/dcraw.c,
internal/dcraw_common.cpp.
- CVE-2018-5817
- CVE-2018-5818
- CVE-2018-5819
* SECURITY UPDATE: stack overflow in parse_makernote
- debian/patches/CVE-2018-20337.patch: properly calculate length in
dcraw/dcraw.c, internal/dcraw_common.cpp.
- CVE-2018-20337
* SECURITY UPDATE: NULL deref in LibRaw::raw2image
- debian/patches/CVE-2018-20363.patch: add check in src/libraw_cxx.cpp.
- CVE-2018-20363
* SECURITY UPDATE: NULL deref in LibRaw::copy_bayer
- debian/patches/CVE-2018-20364.patch: add check in src/libraw_cxx.cpp.
- CVE-2018-20364
* SECURITY UPDATE: heap overflow in LibRaw::raw2image()
- debian/patches/CVE-2018-20365.patch: zero filters in dcraw/dcraw.c,
internal/dcraw_common.cpp.
- CVE-2018-20365
-- Marc Deslauriers <email address hidden> Fri, 17 May 2019 13:54:32 -0400
-
libraw (0.18.8-1ubuntu0.2) bionic-security; urgency=medium
* SECURITY UPDATE: Multiple memory management issues
- debian/patches/CVE-2018-5807_5810_5811_5812.patch: out-of-bounds
reads, heap-based buffer overflow and NULL pointer dereference in
internal/dcraw_common.cpp
- CVE-2018-5807
- CVE-2018-5810
- CVE-2018-5811
- CVE-2018-5812
* SECURITY UPDATE: Infinite loop
- debian/patches/CVE-2018-5813.patch: infinite loop in dcraw/dcraw.c
and internal/dcraw_common.cpp
- CVE-2018-5813
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2018-5815.patch: integer overflow in
internal/dcraw_common.cpp
- CVE-2018-5815
* SECURITY UPDATE: Divide by zero
- debian/patches/CVE-2018-5816.patch: divide by zero in
internal/dcraw_common.cpp
- CVE-2018-5816
-- Alex Murray <email address hidden> Tue, 04 Dec 2018 15:38:46 +1030
-
libraw (0.18.8-1ubuntu0.1) bionic-security; urgency=medium
* SECURITY UPDATE: Stack-based buffer overflow
- debian/patches/CVE-2018-10528.patch: parser possible
buffer overrun in src/libraw_cxx.cpp.
- CVE-2018-10528
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2018-10529.patch: X3F property table list fix
in src/libraw_cxx.cpp, internal/libraw_x3f.cpp.
- CVE-2018-10529
-- <email address hidden> (Leonidas S. Barbosa) Mon, 07 May 2018 11:31:13 -0300
-
libraw (0.18.8-1) unstable; urgency=medium
* New upstream release
- debian/libraw16.symbols: symbols updated
-- Matteo F. Vescovi <email address hidden> Sun, 04 Mar 2018 15:29:17 +0100
-
libraw (0.18.7-2) unstable; urgency=medium
[ Jason Duerstock ]
* debian/libraw16.symbols: symbols refreshed to add ia64 architecture
(Closes: #888061)
-- Matteo F. Vescovi <email address hidden> Wed, 24 Jan 2018 14:44:01 +0100
-
libraw (0.18.7-1) unstable; urgency=medium
* New upstream release
* debian/copyright: copyright-format moved to https://
-- Matteo F. Vescovi <email address hidden> Mon, 22 Jan 2018 23:02:49 +0100
-
libraw (0.18.6-1) unstable; urgency=medium
* New upstream release
* debian/compat: 10 -> 11
* debian/control: debhelper versioning 10 -> 11
* debian/control: S-V bump 4.1.1 -> 4.1.3 (no changes needed)
* debian/libraw16.symbols: update MISSING symbols
* debian/libraw-doc.doc-base: fix installation path
-- Matteo F. Vescovi <email address hidden> Sun, 07 Jan 2018 14:04:54 +0100
-
libraw (0.18.5-1) unstable; urgency=medium
* New upstream release (Closes: #874729)
* debian/: autotools-dev usage dropped
* debian/control: S-V bump 4.0.0 -> 4.1.1 (no changes needed)
-- Matteo F. Vescovi <email address hidden> Fri, 06 Oct 2017 21:51:38 +0200
-
libraw (0.18.2-2) unstable; urgency=medium
* Upload to unstable
* debian/control: S-V bump 3.9.8 => 4.0.0 (no changes needed)
-- Matteo F. Vescovi <email address hidden> Thu, 22 Jun 2017 17:32:33 +0200