Re: CVE request: libraw: multiple issues

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/28/2013 02:43 AM, Raphael Geissert wrote:
> Hi,
>
> From [1]:
> > LibRaw 0.15.1 (26-05-2013)
> This should be 0.15.2
> > Fixed possible double-free() on error recovery on damaged
> > full-color (Foveon, sRAW) files. wchar_t* file interface disabled
> > for MinGW32 compilation
> >
> > LibRaw 0.15.1 (24-05-2013)
> >
> > fixed wrong data maximum calculation for Panasonic files check
> > for possible buffer overrun in exposure correction code
>
> So there's a double-free (fixed in 0.15.2[3]) and a buffer
> overflow (fixed in 0.15.1[2]).
>
> Could CVE ids be assigned please?
>
> References: [1]http://www.libraw.org/download 
> [2]http://www.libraw.org/news/libraw-0-15-1 
> [3]http://www.libraw.org/news/libraw-0-15-2 
> http://secunia.com/advisories/53547/
>
> Cheers, -- Raphael Geissert - Debian Developer www.debian.org -
> get.debian.net

Can you include links to the code commits? thanks.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRpPBJAAoJEBYNRVNeJnmTQBsP/2QS47rMG+mRHm9WY6VNYGH+
ttovDzsBDRepFC5OufnDm73NZr4cPAuO5Z8GZvMtNmwSq7qnPZjB6vk7s9dO8kRL
TImh7TqvHQpmQVZZ0dv0QFmW1LU6qrJTvOIvmhCzwq3GMnPiYSEELItDL276O6JV
f06aSRjCQG8XTwPKCFCCJGM9T03O2Q/ZuESTQMDtgencu2UZr664UxO5ojdscxAs
qtUVaHDM/WvuQfUgDs2IVWLWRtGBhJZMNOkfhMHxfbc86Se5LHjHFhD6dPF2lXyE
7OIPkRtFqvwIB9m7YdmAHnTT0sctSG9ndTR6Ok8BMbz2hk+zqDjZT0GDjt1+rjHH
AKEuMuHUpksoGuLenBbIxWL/+gnIKVG23EaS2CEX7ft7zcVdU2SH+zTCC4A8qFCY
F5pDbga0/LJNvo1D/D6EpLIeK1fTNzcIespiZy1cJ+0sIzL/z7SwV7ja/Lm4sgT1
dmRZdoflpqJFRsxzeHatUyGG5ZRE3CZinT7C/VZko4m3xAqtg+Er2nMRO/vqQ8le
VpobgucoDGscTWak+rX+rmztahoPNxne0Hs0o+TBkmUASpNVNQyv906At0wMmZ+a
Va01glMhMd8UPzbovmkAQ/9HVfTWsncFOCulfHqwxzToox5cYalTv243F21/3DxM
Bl/JX6JrVpiTRdMIgtPq
=LO+m
-----END PGP SIGNATURE-----