On Sun, 18 May 2025 at 14:09:26 +0200, Guilhem Moulin wrote: > While working on an upload for buster ELTS I noticed the version of > src:libraw currently found in bookworm is vulnerable to CVE-2025-4396[1-4] > (marked no-dsa by the security team) [0]. The issues are already fixed > in trixie and bullseye-security so it makes sense to fix them in > bookworm as well. > > The upstream patches trivially apply to 0.20.2-2.1. I attach a tested > debdiff; individual commits and tag can be found on the LTS team fork [1]. > > Unless you object I'll file a bookworm-pu bug with these changes.
Filed the -pu bug now: #1106358. -- Guilhem.
signature.asc
Description: PGP signature
