This bug was fixed in the package libraw - 0.20.2-1
Sponsored for Hans Joachim Desserud (hjd)
---------------
libraw (0.20.2-1) unstable; urgency=medium
* New upstream release
-- Matteo F. Vescovi <email address hidden> Mon, 19 Oct 2020 23:00:12 +0200
libraw (0.20.0-4) unstable; urgency=medium
* Upload to unstable
* debian/libraw20.symbols: drop duplicates and restrict to 64 bits
-- Matteo F. Vescovi <email address hidden> Tue, 18 Aug 2020 15:45:30 +0200
libraw (0.20.0-3) experimental; urgency=medium
* debian/libraw20.symbols: drop MISSING and update others
-- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 23:43:02 +0200
libraw (0.20.0-2) experimental; urgency=medium
* debian/libraw20.symbols: file updated
-- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 21:11:25 +0200
libraw (0.20.0-1) experimental; urgency=medium
[ Matteo F. Vescovi ]
* New upstream release
  This release fixes CVE-2020-15503:
  | LibRaw before 0.20-RC1 lacks a thumbnail size range check.
  | This affects decoders/unpack_thumb.cpp,
  | postprocessing/mem_image.cpp, and utils/thumb_utils.cpp.
  | For example,
  | malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs
  | without validating T.tlength.
* debian/: SONAME bump 19 -> 20
* debian/control:
  - debhelper bump 12 -> 13
  - S-V bump 4.4.0 -> 4.5.0 (no changes needed)
  - RRR set
* debian/tests/smoketest: path adapted
* debian/copyright: entries for unused files and licenses removed
* debian/rules: drop useless files installation
* debian/libraw20.symbols: missing and new symbols added
[ Sebastien Bacher ]
* debian/tests/build: use the correct compiler for
  autopkgtest cross-testing. (Closes: #954886)
-- Matteo F. Vescovi <email address hidden> Thu, 30 Jul 2020 00:09:36 +0200