This bug was fixed in the package libraw - 0.20.2-1
Sponsored for Hans Joachim Desserud (hjd)

---------------
libraw (0.20.2-1) unstable; urgency=medium

  * New upstream release

 -- Matteo F. Vescovi <m...@debian.org>  Mon, 19 Oct 2020 23:00:12 +0200

libraw (0.20.0-4) unstable; urgency=medium

  * Upload to unstable
  * debian/libraw20.symbols: drop duplicates and restrict to 64 bits

 -- Matteo F. Vescovi <m...@debian.org>  Tue, 18 Aug 2020 15:45:30 +0200

libraw (0.20.0-3) experimental; urgency=medium

  * debian/libraw20.symbols: drop MISSING and update others

 -- Matteo F. Vescovi <m...@debian.org>  Tue, 04 Aug 2020 23:43:02 +0200

libraw (0.20.0-2) experimental; urgency=medium

  * debian/libraw20.symbols: file updated

 -- Matteo F. Vescovi <m...@debian.org>  Tue, 04 Aug 2020 21:11:25 +0200

libraw (0.20.0-1) experimental; urgency=medium

  [ Matteo F. Vescovi ]
  * New upstream release
    This release fixes CVE-2020-15503:
    | LibRaw before 0.20-RC1 lacks a thumbnail size range check.
    | This affects decoders/unpack_thumb.cpp,
    | postprocessing/mem_image.cpp, and utils/thumb_utils.cpp.
    | For example,
    | malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs
    | without validating T.tlength.
  * debian/: SONAME bump 19 -> 20
  * debian/control:
    - debhelper bump 12 -> 13
    - S-V bump 4.4.0 -> 4.5.0 (no changes needed)
    - RRR set
  * debian/tests/smoketest: path adapted
  * debian/copyright: entries for unused files and licenses removed
  * debian/rules: drop useless files installation
  * debian/libraw20.symbols: missing and new symbols added

  [ Sebastien Bacher ]
  * debian/tests/build: use the correct compiler for autopkgtest
    cross-testing. (Closes: #954886)

 -- Matteo F. Vescovi <m...@debian.org>  Thu, 30 Jul 2020 00:09:36 +0200

** Changed in: libraw (Ubuntu)
       Status: Confirmed => Fix Committed

** Changed in: libraw (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-15503

https://bugs.launchpad.net/bugs/1902290

Title:
  Sync libraw 0.20.2-1 (main) from Debian unstable (main)

Status in libraw package in Ubuntu:
  Fix Released

Bug description:
  Please sync libraw 0.20.2-1 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * debian/tests/build:
      - Use the correct compiler for proposed autopkgtest cross-testing support.
    * debian/tests/build:
      - Use the correct compiler for proposed autopkgtest cross-testing support.
    * debian/tests/build:
      - Use the correct compiler for proposed autopkgtest cross-testing support.
  The compiler changes in the autopkgtest for cross-testing have been included in the Debian package.

  Changelog entries since current hirsute version 0.19.5-1ubuntu1:

  libraw (0.20.2-1) unstable; urgency=medium

    * New upstream release

   -- Matteo F. Vescovi <m...@debian.org>  Mon, 19 Oct 2020 23:00:12 +0200

  libraw (0.20.0-4) unstable; urgency=medium

    * Upload to unstable
    * debian/libraw20.symbols: drop duplicates and restrict to 64 bits

   -- Matteo F. Vescovi <m...@debian.org>  Tue, 18 Aug 2020 15:45:30 +0200

  libraw (0.20.0-3) experimental; urgency=medium

    * debian/libraw20.symbols: drop MISSING and update others

   -- Matteo F. Vescovi <m...@debian.org>  Tue, 04 Aug 2020 23:43:02 +0200

  libraw (0.20.0-2) experimental; urgency=medium

    * debian/libraw20.symbols: file updated

   -- Matteo F. Vescovi <m...@debian.org>  Tue, 04 Aug 2020 21:11:25 +0200

  libraw (0.20.0-1) experimental; urgency=medium

    [ Matteo F. Vescovi ]
    * New upstream release
      This release fixes CVE-2020-15503:
      | LibRaw before 0.20-RC1 lacks a thumbnail size range check.
      | This affects decoders/unpack_thumb.cpp,
      | postprocessing/mem_image.cpp, and utils/thumb_utils.cpp.
      | For example,
      | malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs
      | without validating T.tlength.
    * debian/: SONAME bump 19 -> 20
    * debian/control:
      - debhelper bump 12 -> 13
      - S-V bump 4.4.0 -> 4.5.0 (no changes needed)
      - RRR set
    * debian/tests/smoketest: path adapted
    * debian/copyright: entries for unused files and licenses removed
    * debian/rules: drop useless files installation
    * debian/libraw20.symbols: missing and new symbols added

    [ Sebastien Bacher ]
    * debian/tests/build: use the correct compiler for autopkgtest
      cross-testing. (Closes: #954886)

   -- Matteo F. Vescovi <m...@debian.org>  Thu, 30 Jul 2020 00:09:36 +0200