Control: found -1 0.14.6-2 Control: tags -1 patch 03.06.2013 в 19:34:15 +0400 Stepan Golosunov написал: > On Thu, May 30, 2013 at 09:22:27AM +0200, Moritz Muehlenhoff wrote: > > Package: libraw > > Severity: grave > > Tags: security > > > > Two security issues have been found in libraw. Please see this link for > > more information and links to upstream commits: > > > > http://www.openwall.com/lists/oss-security/2013/05/29/7
> According to > http://blog.lexa.ru/2013/05/28/o_spiskakh_uyazvimostei_v_programmakh.html > the buggy code is present only in 0.15 branch. Apparently (https://bugzilla.redhat.com/show_bug.cgi?id=968382#c5) only CVE-2013-2127 is limited to 0.15 (and as a result is not present in debian libraw packages). According to https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-2126 CVE-2013-2126 affects 0.14 an 0.15 and patch for 0.14 is available at https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a --- a/src/libraw_cxx.cpp +++ b/src/libraw_cxx.cpp @@ -796,8 +796,8 @@ int LibRaw::unpack(void) S.iheight= S.height; IO.shrink = 0; // allocate image as temporary buffer, size - imgdata.rawdata.raw_alloc = calloc(S.iwidth*S.iheight,sizeof(*imgdata.image)); - imgdata.image = (ushort (*)[4]) imgdata.rawdata.raw_alloc; + imgdata.rawdata.raw_alloc = 0; + imgdata.image = (ushort (*)[4]) calloc(S.iwidth*S.iheight,sizeof(*imgdata.image)); } @@ -807,8 +807,8 @@ int LibRaw::unpack(void) // recover saved if( decoder_info.decoder_flags & LIBRAW_DECODER_LEGACY) { - imgdata.image = 0; - imgdata.rawdata.color_image = (ushort (*)[4]) imgdata.rawdata.raw_alloc; + imgdata.rawdata.raw_alloc = imgdata.rawdata.color_image = imgdata.image; + imgdata.image = 0; } // calculate channel maximum > (Note that there are other packages that duplicate libraw sources. > Darktable, for example, includes libraw 0.14.7.) -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org