Salvatore Bonaccorso <car...@debian.org> writes: > Source: libraw > Version: 0.20.2-2 > Severity: important > Tags: security upstream > Forwarded: https://github.com/LibRaw/LibRaw/issues/400 > X-Debbugs-Cc: car...@debian.org, Debian Security Team > <t...@security.debian.org> > Control: fixed -1 0.21.1-1 > > Hi, > > The following vulnerability was published for libraw. The wording for > the CVE description from the feed is disputable, believe this should > be at most DoS.
For (naughty) packages that embed libraw, is this worth 1) Trying to squeeze in a minor version update 2) waiting for stable update? 3) not worrying about for bookworm? I know the answer is probably "it depends", just looking for feedback and-or what other maintainers are planning on doing. d