Comment 4 for bug 1902290

Sebastien Bacher (seb128) wrote :

This bug was fixed in the package libraw - 0.20.2-1
Sponsored for Hans Joachim Desserud (hjd)

---------------
libraw (0.20.2-1) unstable; urgency=medium

  * New upstream release

 -- Matteo F. Vescovi <email address hidden> Mon, 19 Oct 2020 23:00:12 +0200

libraw (0.20.0-4) unstable; urgency=medium

  * Upload to unstable
  * debian/libraw20.symbols: drop duplicates and
    restrict to 64 bits

 -- Matteo F. Vescovi <email address hidden> Tue, 18 Aug 2020 15:45:30 +0200

libraw (0.20.0-3) experimental; urgency=medium

  * debian/libraw20.symbols: drop MISSING and update others

 -- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 23:43:02 +0200

libraw (0.20.0-2) experimental; urgency=medium

  * debian/libraw20.symbols: file updated

 -- Matteo F. Vescovi <email address hidden> Tue, 04 Aug 2020 21:11:25 +0200

libraw (0.20.0-1) experimental; urgency=medium

  [ Matteo F. Vescovi ]
  * New upstream release
    This release fixes CVE-2020-15503:
    | LibRaw before 0.20-RC1 lacks a thumbnail size range check.
    | This affects decoders/unpack_thumb.cpp,
    | postprocessing/mem_image.cpp, and utils/thumb_utils.cpp.
    | For example,
    | malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs
    | without validating T.tlength.
  * debian/: SONAME bump 19 -> 20
  * debian/control:
    - debhelper bump 12 -> 13
    - S-V bump 4.4.0 -> 4.5.0 (no changes needed)
    - RRR set
  * debian/tests/smoketest: path adapted
  * debian/copyright: entries for unused files and licenses removed
  * debian/rules: drop useless files installation
  * debian/libraw20.symbols: missing and new symbols added

  [ Sebastien Bacher ]
  * debian/tests/build: use the correct compiler for
    autopkgtest cross-testing. (Closes: #954886)

 -- Matteo F. Vescovi <email address hidden> Thu, 30 Jul 2020 00:09:36 +0200