Sync libraw 0.20.2-1 (main) from Debian unstable (main)

Bug #1902290 reported by Hans Joachim Desserud
This bug affects 2 people
Affects: libraw (Ubuntu)
Status: Fix Released
Importance: Wishlist
Assigned to: Unassigned

Bug Description

Please sync libraw 0.20.2-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * debian/tests/build:
    - Use the correct compiler for proposed autopkgtest cross-testing
      support.

The compiler changes in the autopkgtest for cross-testing have been included in the Debian package.

Changelog entries since current hirsute version 0.19.5-1ubuntu1:

libraw (0.20.2-1) unstable; urgency=medium

  * New upstream release

 -- Matteo F. Vescovi <email address hidden> Mon, 19 Oct 2020 23:00:12 +0200

libraw (0.20.0-4) unstable; urgency=medium

  * Upload to unstable
  * debian/libraw20.symbols: drop duplicates and
    restrict to 64 bits

 -- Matteo F. Vescovi <email address hidden> Tue, 18 Aug 2020 15:45:30 +0200

libraw (0.20.0-3) experimental; urgency=medium

  * debian/libraw20.symbols: drop MISSING and update others

 -- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 23:43:02 +0200

libraw (0.20.0-2) experimental; urgency=medium

  * debian/libraw20.symbols: file updated

 -- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 21:11:25 +0200

libraw (0.20.0-1) experimental; urgency=medium

  [ Matteo F. Vescovi ]
  * New upstream release
    This release fixes CVE-2020-15503:
    | LibRaw before 0.20-RC1 lacks a thumbnail size range check.
    | This affects decoders/unpack_thumb.cpp,
    | postprocessing/mem_image.cpp, and utils/thumb_utils.cpp.
    | For example,
    | malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs
    | without validating T.tlength.
  * debian/: SONAME bump 19 -> 20
  * debian/control:
    - debhelper bump 12 -> 13
    - S-V bump 4.4.0 -> 4.5.0 (no changes needed)
    - RRR set
  * debian/tests/smoketest: path adapted
  * debian/copyright: entries for unused files and licenses removed
  * debian/rules: drop useless files installation
  * debian/libraw20.symbols: missing and new symbols added

  [ Sebastien Bacher ]
  * debian/tests/build: use the correct compiler for
    autopkgtest cross-testing. (Closes: #954886)

 -- Matteo F. Vescovi <email address hidden> Thu, 30 Jul 2020 00:09:36 +0200
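
The CVE-2020-15503 entry in the changelog above describes a file-supplied thumbnail length reaching `malloc` without a range check. The pattern with the check in place, as an added C example that is not LibRaw's code and not part of this report; `processed_image_t`, `make_thumb`, `THUMB_MAX_BYTES` and the 64 MiB cap are assumptions made for illustration:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a processed-image header, not LibRaw's real type. */
typedef struct {
    uint32_t data_size;
    unsigned char data[];          /* thumbnail bytes follow the header */
} processed_image_t;

/* Assumed policy limit for an embedded thumbnail (constructed value). */
#define THUMB_MAX_BYTES (64u * 1024u * 1024u)

enum thumb_status { THUMB_OK = 0, THUMB_BAD_LENGTH = -1, THUMB_NO_MEMORY = -2 };

/* Validate the file-supplied length before it reaches malloc or memcpy.
 * tlength is taken as a signed 64-bit value (an assumption) so that both
 * negative and oversized values can be rejected in one place. */
enum thumb_status make_thumb(const unsigned char *src, size_t src_avail,
                             long long tlength, processed_image_t **out)
{
    *out = NULL;
    if (tlength <= 0 || (unsigned long long)tlength > THUMB_MAX_BYTES)
        return THUMB_BAD_LENGTH;   /* empty, negative or implausibly large */
    if ((size_t)tlength > src_avail)
        return THUMB_BAD_LENGTH;   /* header claims more bytes than were read */
    /* Redundant while the cap is small; keeps the addition safe if it is raised. */
    if ((size_t)tlength > SIZE_MAX - sizeof(processed_image_t))
        return THUMB_BAD_LENGTH;

    processed_image_t *img = malloc(sizeof(*img) + (size_t)tlength);
    if (!img)
        return THUMB_NO_MEMORY;
    img->data_size = (uint32_t)tlength;
    memcpy(img->data, src, (size_t)tlength);
    *out = img;
    return THUMB_OK;
}

int main(void)
{
    unsigned char buf[16] = {0};   /* constructed sample data */
    processed_image_t *img = NULL;
    /* The declared length (4096) exceeds the 16 bytes actually available. */
    int rc = make_thumb(buf, sizeof buf, 4096, &img);
    free(img);
    return rc == THUMB_BAD_LENGTH ? 0 : 1;
}
```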

Balint Reczey (rbalint) wrote :

This sync will start a transition. I'm deferring it a bit waiting for the autopkgtest queues to become shorter.

Hans Joachim Desserud (hjd) wrote :

Right, that makes sense :)

Mathew Hodson (mhodson)
Changed in libraw (Ubuntu):
importance: Undecided → Wishlist
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libraw (Ubuntu):
status: New → Confirmed
Sebastien Bacher (seb128) wrote :

This bug was fixed in the package libraw - 0.20.2-1
Sponsored for Hans Joachim Desserud (hjd)

---------------
libraw (0.20.2-1) unstable; urgency=medium

  * New upstream release

 -- Matteo F. Vescovi <email address hidden> Mon, 19 Oct 2020 23:00:12 +0200

libraw (0.20.0-4) unstable; urgency=medium

  * Upload to unstable
  * debian/libraw20.symbols: drop duplicates and
    restrict to 64 bits

 -- Matteo F. Vescovi <email address hidden> Tue, 18 Aug 2020 15:45:30 +0200

libraw (0.20.0-3) experimental; urgency=medium

  * debian/libraw20.symbols: drop MISSING and update others

 -- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 23:43:02 +0200

libraw (0.20.0-2) experimental; urgency=medium

  * debian/libraw20.symbols: file updated

 -- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 21:11:25 +0200

libraw (0.20.0-1) experimental; urgency=medium

  [ Matteo F. Vescovi ]
  * New upstream release
    This release fixes CVE-2020-15503:
    | LibRaw before 0.20-RC1 lacks a thumbnail size range check.
    | This affects decoders/unpack_thumb.cpp,
    | postprocessing/mem_image.cpp, and utils/thumb_utils.cpp.
    | For example,
    | malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs
    | without validating T.tlength.
  * debian/: SONAME bump 19 -> 20
  * debian/control:
    - debhelper bump 12 -> 13
    - S-V bump 4.4.0 -> 4.5.0 (no changes needed)
    - RRR set
  * debian/tests/smoketest: path adapted
  * debian/copyright: entries for unused files and licenses removed
  * debian/rules: drop useless files installation
  * debian/libraw20.symbols: missing and new symbols added

  [ Sebastien Bacher ]
  * debian/tests/build: use the correct compiler for
    autopkgtest cross-testing. (Closes: #954886)

 -- Matteo F. Vescovi <email address hidden> Thu, 30 Jul 2020 00:09:36 +0200

Changed in libraw (Ubuntu):
status: Confirmed → Fix Committed
status: Fix Committed → Fix Released