David Bremner <brem...@debian.org> writes:

> I'm not sure yet that the vulnerability occurs in the version of libraw
> embedded in darktable. There is some relevant discussion on the
> darktable developers list
>
> http://article.gmane.org/gmane.comp.graphics.darktable.devel/2628
>
> If nothing else, the proposed patch won't apply, because raw_alloc
> doesn't occur at all in src/External/LibRaw/src/libraw_cxx.cpp

It seems like this might be the backported fix (suggesting there was
indeed a problem to fix).

https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a

Darktable upstream just cherry picked that to their current release
branches. I don't know yet if the same patch applies to the version in
wheezy.

d