Hi Wolfgang, On 17/09/13 03:45 AM, Wolfgang Goetz wrote: > Hello, > > just stumbled over this: > http://www.gentoo.org/security/en/glsa/glsa-201309-09.xml > referencing > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2126 > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2127 > > > DT's libraw is somewhat not the original.. vulnerable or save?
The version which we've included in git master and all the 1.2.x, 1.3.x releases is 0.14.7 https://github.com/darktable-org/darktable/blob/master/src/external/LibRaw/libraw/libraw_version.h pmjdebruijn, could you investigate what we need to do to update our copy please? I've created http://www.darktable.org/redmine/issues/9585 to track. James C. McPherson -- Solaris kernel software engineer, system admin and troubleshooter https://www.jmcpdotcom.com/blog Find me on LinkedIn @ http://www.linkedin.com/in/jamescmcpherson ------------------------------------------------------------------------------ LIMITED TIME SALE - Full Year of Microsoft Training For Just $49.99! 1,500+ hours of tutorials including VisualStudio 2012, Windows 8, SharePoint 2013, SQL 2012, MVC 4, more. BEST VALUE: New Multi-Library Power Pack includes Mobile, Cloud, Java, and UX Design. Lowest price ever! Ends 9/20/13. http://pubads.g.doubleclick.net/gampad/clk?id=58041151&iu=/4140/ostg.clktrk _______________________________________________ darktable-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/darktable-devel
