Your message dated Tue, 18 Jul 2023 07:20:18 +0000
with message-id <[email protected]>
and subject line Bug#1036281: fixed in libraw 0.21.1-5
has caused the Debian Bug report #1036281,
regarding libraw: CVE-2023-1729
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1036281: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036281
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libraw
X-Debbugs-CC: [email protected]
Severity: grave
Tags: security

Hi,

The following vulnerability was published for libraw.

CVE-2023-1729[0]:
| A flaw was found in LibRaw. A heap-buffer-overflow in raw2image_ex()
| caused by a maliciously crafted file may lead to an application crash.

https://bugzilla.redhat.com/show_bug.cgi?id=2188240
https://github.com/LibRaw/LibRaw/issues/557
Fixed by: https://github.com/LibRaw/LibRaw/commit/9ab70f6dca19229cb5caad7cc31af4e7501bac93 (master)
Fixed by: https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828 (0.21-stable)

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-1729
    https://www.cve.org/CVERecord?id=CVE-2023-1729

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: libraw
Source-Version: 0.21.1-5
Done: Matteo F. Vescovi <[email protected]>

We believe that the bug you reported is fixed in the latest version of
libraw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matteo F. Vescovi <[email protected]> (supplier of updated libraw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 05 Jul 2023 22:47:57 +0200
Source: libraw
Architecture: source
Version: 0.21.1-5
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: Matteo F. Vescovi <[email protected]>
Closes: 1036281
Changes:
 libraw (0.21.1-5) unstable; urgency=medium
 .
   * debian/patches/: patchset updated (Closes: #1036281)
     - 0001-Do-not-set-shrink-flag-for-3-4-component-images.patch added
       CVE-2023-1729:
       | A flaw was found in LibRaw. A heap-buffer-overflow
       | in raw2image_ex() caused by a maliciously crafted file
       | may lead to an application crash.
Checksums-Sha1:
 4dac7a2e3bc14edfc4c8b6a93b542a35d2339422 2339 libraw_0.21.1-5.dsc
 b7ee789d5d6b46cde1a3431646b0200b4d33f5d2 23828 libraw_0.21.1-5.debian.tar.xz
 41bfdee6b2a9a5ee03e61c42b8403ec34e586870 6496 libraw_0.21.1-5_source.buildinfo
Checksums-Sha256:
 a079cee63b48be5b58d6cac13e66d3982909b8d74a29e09b8a585e4e6e2389ce 2339 libraw_0.21.1-5.dsc
 f990e84a42edcd2b4af0f3c5a38a3b73e810008ab13d6ce480dc3336a825f377 23828 libraw_0.21.1-5.debian.tar.xz
 0624d508c2cf98136932a50529c793353e466b8f254196fe9a1d29437590fb32 6496 libraw_0.21.1-5_source.buildinfo
Files:
 ca53b7cabaf4b10ec93af27add759d94 2339 libs optional libraw_0.21.1-5.dsc
 5048b249ea5d4a20f1b9150b27ac52a1 23828 libs optional libraw_0.21.1-5.debian.tar.xz
 8e4718eeed5ea982b7cd80f65d64754f 6496 libs optional libraw_0.21.1-5_source.buildinfo

-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!
-----END PGP SIGNATURE-----

--- End Message ---