oss-sec mailing list archives
Re: CVE request: libraw: multiple issues
From: Kurt Seifried <kseifried () redhat com>
Date: Tue, 28 May 2013 11:58:33 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/28/2013 02:43 AM, Raphael Geissert wrote:
Hi, From [1]:LibRaw 0.15.1 (26-05-2013)This should be 0.15.2Fixed possible double-free() on error recovery on damaged full-color (Foveon, sRAW) files. wchar_t* file interface disabled for MinGW32 compilation LibRaw 0.15.1 (24-05-2013) fixed wrong data maximum calculation for Panasonic files check for possible buffer overrun in exposure correction codeSo there's a double-free (fixed in 0.15.2[3]) and a buffer overflow (fixed in 0.15.1[2]). Could CVE ids be assigned please? References: [1]http://www.libraw.org/download [2]http://www.libraw.org/news/libraw-0-15-1 [3]http://www.libraw.org/news/libraw-0-15-2 http://secunia.com/advisories/53547/ Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Can you include links to the code commits? thanks. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRpPBJAAoJEBYNRVNeJnmTQBsP/2QS47rMG+mRHm9WY6VNYGH+ ttovDzsBDRepFC5OufnDm73NZr4cPAuO5Z8GZvMtNmwSq7qnPZjB6vk7s9dO8kRL TImh7TqvHQpmQVZZ0dv0QFmW1LU6qrJTvOIvmhCzwq3GMnPiYSEELItDL276O6JV f06aSRjCQG8XTwPKCFCCJGM9T03O2Q/ZuESTQMDtgencu2UZr664UxO5ojdscxAs qtUVaHDM/WvuQfUgDs2IVWLWRtGBhJZMNOkfhMHxfbc86Se5LHjHFhD6dPF2lXyE 7OIPkRtFqvwIB9m7YdmAHnTT0sctSG9ndTR6Ok8BMbz2hk+zqDjZT0GDjt1+rjHH AKEuMuHUpksoGuLenBbIxWL/+gnIKVG23EaS2CEX7ft7zcVdU2SH+zTCC4A8qFCY F5pDbga0/LJNvo1D/D6EpLIeK1fTNzcIespiZy1cJ+0sIzL/z7SwV7ja/Lm4sgT1 dmRZdoflpqJFRsxzeHatUyGG5ZRE3CZinT7C/VZko4m3xAqtg+Er2nMRO/vqQ8le VpobgucoDGscTWak+rX+rmztahoPNxne0Hs0o+TBkmUASpNVNQyv906At0wMmZ+a Va01glMhMd8UPzbovmkAQ/9HVfTWsncFOCulfHqwxzToox5cYalTv243F21/3DxM Bl/JX6JrVpiTRdMIgtPq =LO+m -----END PGP SIGNATURE-----
Current thread:
- CVE request: libraw: multiple issues Raphael Geissert (May 28)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)
- Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 29)
- Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 04)
- Re: CVE request: libraw: multiple issues Alexander Bergmann (Jun 10)
- Re: CVE request: libraw: multiple issues Raphael Geissert (Jun 11)
- Re: CVE request: libraw: multiple issues Raphael Geissert (May 29)
- Re: CVE request: libraw: multiple issues Kurt Seifried (May 28)