Bug#710353: marked as done (libraw: CVE-2013-2126 CVE-2013-2127)

[Debian Bug Tracking System]

Your message dated Wed, 10 Jul 2013 21:04:08 +0000
with message-id <e1ux1yw-0002rv...@franck.debian.org>
and subject line Bug#710353: fixed in libraw 0.15.3-1
has caused the Debian Bug report #710353,
regarding libraw: CVE-2013-2126 CVE-2013-2127
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
710353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=710353
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libraw
Severity: grave
Tags: security

Two security issues have been found in libraw. Please see this link for
more information and links to upstream commits:

http://www.openwall.com/lists/oss-security/2013/05/29/7

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: libraw
Source-Version: 0.15.3-1

We believe that the bug you reported is fixed in the latest version of
libraw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 710...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luca Falavigna <dktrkr...@debian.org> (supplier of updated libraw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 10 Jul 2013 21:20:09 +0200
Source: libraw
Binary: libraw9 libraw-bin libraw-dev libraw-doc
Architecture: source amd64 all
Version: 0.15.3-1
Distribution: unstable
Urgency: low
Maintainer: Debian Shotwell Maintainers 
<pkg-shotwell-ma...@lists.alioth.debian.org>
Changed-By: Luca Falavigna <dktrkr...@debian.org>
Description: 
 libraw-bin - raw image decoder library (tools)
 libraw-dev - raw image decoder library (development files)
 libraw-doc - raw image decoder library (documentation)
 libraw9    - raw image decoder library
Closes: 710353 715577
Changes: 
 libraw (0.15.3-1) unstable; urgency=low
 .
   * Team upload to unstable.
   * New upstream release (Closes: #710353).
     - Fix error handling for broken full-color images - CVE-2013-2126.
     - Fix wrong data_maximum calcluation - CVE-2013-2127.
   * debian/patches/4channels_parameter.patch:
     - Fix segmentaition fault when 4channel is passed -s option without
        any parameter (Closes: #715577).
Checksums-Sha1: 
 e1774747c12440b1957d45400ea5159da4f31460 2015 libraw_0.15.3-1.dsc
 8b6f793905eb5df5cb5ff6623e1a566727ec1e73 1408520 libraw_0.15.3.orig.tar.gz
 dc31dc09c70144ad12b47ffab41e3b04b2085ec5 8779 libraw_0.15.3-1.debian.tar.gz
 8b68a67cb1d5317cf3c164f3e50acb4584b7f691 376674 libraw9_0.15.3-1_amd64.deb
 cabd750463447c64fdfe49c111d4eae622cf3393 50304 libraw-bin_0.15.3-1_amd64.deb
 50c540f4146119a9a73d9f841a0eb822fd5b227a 400670 libraw-dev_0.15.3-1_amd64.deb
 70681a457c137ed5e3e6e7cc7380fb35edb8bb97 114982 libraw-doc_0.15.3-1_all.deb
Checksums-Sha256: 
 148b4aae5de6b41930ac3539e216498febbd24a9f3ba5120b847c3da47977cc9 2015 
libraw_0.15.3-1.dsc
 cfe74c87150035a3277d18338a4e4ac11424349736d39c7d9dbb0cffe5a0d331 1408520 
libraw_0.15.3.orig.tar.gz
 68fcf505e176936b0e66973e663a7c713200528577e39dd109b20ef8fee41b85 8779 
libraw_0.15.3-1.debian.tar.gz
 8a19715aafe0ffc3e6862d1b2e05fffd4ddf5f5dd898e4bbfed2e27e361eea70 376674 
libraw9_0.15.3-1_amd64.deb
 4a8249d130ceebde9aeb5bcc3744e4a1acdcb74786140f24dd0f578fbd2f35c4 50304 
libraw-bin_0.15.3-1_amd64.deb
 dc56b1e3f7b3c35a8ce944784d51e3e29bf1638dfea796f1c4cc5bee28ed62da 400670 
libraw-dev_0.15.3-1_amd64.deb
 34afe2b96fe05c5e07394e3a8b31fd6fd1026d6763a6e4ed4e08e6040d1337b5 114982 
libraw-doc_0.15.3-1_all.deb
Files: 
 1db23abc036d8ae5d1351aefc30ea9c7 2015 libs optional libraw_0.15.3-1.dsc
 61b401bfab23ae27fa437a966717acae 1408520 libs optional 
libraw_0.15.3.orig.tar.gz
 c8b3701b6683dffb858a9fc4e8c8850d 8779 libs optional 
libraw_0.15.3-1.debian.tar.gz
 1537d3ec82c690bb47a32489c26c51e4 376674 libs optional 
libraw9_0.15.3-1_amd64.deb
 5a1e0a5fb1c7458b5497f12360ea90ef 50304 graphics optional 
libraw-bin_0.15.3-1_amd64.deb
 2e143cd3573ce7fc25be2940535553fb 400670 libdevel optional 
libraw-dev_0.15.3-1_amd64.deb
 eac0aadb66add18d48c92db5f04c19b5 114982 doc optional 
libraw-doc_0.15.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJR3cJ2AAoJEEkIatPr4vMfufoP/2QKmmnaDWIZ7Ui5U78/JoTi
kAzzz0VSnKIEavDk0YCryZf59Vxc9hvuhS1fYzr6vtsTA93qoYF+NTZgwzThkIJx
6H9HxLw9wUFjXdZOmVh6k+st5yHNi6RkpY+E9m3+bBVvZ6/2I+4H1PeyDCelHRAe
sa9vg+mcs1CE9E4Pj6b9+mWgAD1NcRfLBjXlslCHyMz+L72ziEAjgsKucfcUqm6k
/ypMCxLrlB7PH4DjhGfxBZSMAFwPBJ0U6oz5+s4/fiaMcE3zRCod1jRUlGOrEkCF
xPERzI2aEcqBbONiUx2TArrig1NkcST/ENfo402O/XHIOHLCJi0KosQ2woW+TMfu
eakwssAY+Mj0We5d2H57NPNkIrf7IOU8Mp6GM+Gx+XJlM/B2XaiOcaI4Fa5WOMV3
58cfvYpWX/RZqNg0eycO0MONIniG7rnK91m3iKFeV8SoYTHiVagtDG8wSz5Uhb7P
XfO6UlF5n8hDHYFUnZGDDW7kfYEnOdeY872CB7Pxzr1yOwiHKGUbDwKE/PyexWL8
o/1PuxDT1enzZAFy9PG2ty+RMssEdfJDK3q+x6jN15oRolO74jsLUP6N1fZ1FdHF
CJ+B0jOAxp2mWhKK7f+oqXHVCfsI2J0FtViRFXKMyua6kVqxghBYb7/9pJq9P/f0
n6cLvHh6FZPFBpx4/RH4
=1xsj
-----END PGP SIGNATURE-----

--- End Message ---