Your message dated Tue, 31 Jul 2018 12:19:19 +0000
with message-id <[email protected]>
and subject line Bug#864168: fixed in dcraw 9.28-1
has caused the Debian Bug report #864168,
regarding CVE-2015-8366: Index overflow in smal_decode_segment
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
864168: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864168
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dcraw
Severity: important
Tags: security

dcraw embeds a copy of libraw, which is affected by an integer
overflow in smal_decode_segment().

Patch is here:
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2

Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: dcraw
Source-Version: 9.28-1

We believe that the bug you reported is fixed in the latest version of
dcraw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Filip Hroch <[email protected]> (supplier of updated dcraw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 31 Jul 2018 11:13:05 +0200
Source: dcraw
Binary: dcraw
Architecture: source
Version: 9.28-1
Distribution: unstable
Urgency: low
Maintainer: Debian Astronomy Team <[email protected]>
Changed-By: Filip Hroch <[email protected]>
Description:
 dcraw - decode raw digital camera images
Closes: 721232 864168
Changes:
 dcraw (9.28-1) unstable; urgency=low
 .
   * New upstream version.
   * Updated to latest Debian standards.
   * Updated autotools patch.
   * Added lcms2 library into configure.ac (Ubuntu bug no.1611001).
   * Added hardening options to debian/rules.
   * Switch-on high level of optimisation as upstream author recommends.
   * Removed obsolete --with-autoreconf option in debian/rules.
   * Fixed the bug CVE-2013-1438: dcraw (multiple vulnerabilities) mostly
     in JPEG/TIFF write routines. The patch has been applied by hand
     to reflect latest upstream source code changes. Closes: #721232
   * Fixed Index overflow in smal_decode_segment() bug. I patched also
     by hand. No tests performed (no data available). Closes: #864168
   * Funny false warning: lintian reports "spelling-error-in-binary
     usr/bin/dcraw Optio Option". The character string is correct
     designating Pentax Optio cameras.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---