Sync libraw 0.20.2-1 (main) from Debian unstable (main)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libraw (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Please sync libraw 0.20.2-1 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* debian/tests/build:
- Use the correct compiler for proposed autopkgtest cross-testing
support.
* debian/tests/build:
- Use the correct compiler for proposed autopkgtest cross-testing
support.
* debian/tests/build:
- Use the correct compiler for proposed autopkgtest cross-testing
support.
The compiler changes in the autopkgtest for cross-testing has been included in the Debian package.
Changelog entries since current hirsute version 0.19.5-1ubuntu1:
libraw (0.20.2-1) unstable; urgency=medium
* New upstream release
-- Matteo F. Vescovi <email address hidden> Mon, 19 Oct 2020 23:00:12 +0200
libraw (0.20.0-4) unstable; urgency=medium
* Upload to unstable
* debian/
restrict to 64 bits
-- Matteo F. Vescovi <email address hidden> Tue, 18 Aug 2020 15:45:30 +0200
libraw (0.20.0-3) experimental; urgency=medium
* debian/
-- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 23:43:02 +0200
libraw (0.20.0-2) experimental; urgency=medium
* debian/
-- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 21:11:25 +0200
libraw (0.20.0-1) experimental; urgency=medium
[ Matteo F. Vescovi ]
* New upstream release
This release fixes CVE-2020-15503:
| LibRaw before 0.20-RC1 lacks a thumbnail size range check.
| This affects decoders/
| postprocessing/
| For example,
| malloc(
| without validating T.tlength.
* debian/: SONAME bump 19 -> 20
* debian/control:
- debhelper bump 12 -> 13
- S-V bump 4.4.0 -> 4.5.0 (no changes needed)
- RRR set
* debian/
* debian/copyright: entries for unused files and licenses removed
* debian/rules: drop useless files installation
* debian/
[ Sebastien Bacher ]
* debian/tests/build: use the correct compiler for
autopkgtest cross-testing. (Closes: #954886)
-- Matteo F. Vescovi <email address hidden> Thu, 30 Jul 2020 00:09:36 +0200
CVE References
Changed in libraw (Ubuntu): | |
importance: | Undecided → Wishlist |
This sync will start a transition. I'm deferring it a bit waiting for the autopkgtest queues to become shorter.