[Git][security-tracker-team/security-tracker][master] Track fixes for libraw via unstable

Salvatore Bonaccorso (@carnil) Mon, 11 May 2026 05:37:52 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
31e092ab by Salvatore Bonaccorso at 2026-05-11T14:37:12+02:00
Track fixes for libraw via unstable

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20070,11 +20070,11 @@ CVE-2026-27315 (Sensitive Information Leak in cqlsh 
in Apache Cassandra 4.0 allo
 CVE-2026-27314 (Privilege escalationin Apache Cassandra 5.0 on an mTLS 
environment usi ...)
        - cassandra <itp> (bug #585905)
 CVE-2026-24660 (A heap-based buffer overflow vulnerability exists in the 
x3f_load_huff ...)
-       - libraw <unfixed> (bug #1133845)
+       - libraw 0.22.1-1 (bug #1133845)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/a4a0ab69d286c7638741e70a11f04fb3d7b49db2
 CVE-2026-24450 (An integer overflow vulnerability exists in the 
uncompressed_fp_dng_lo ...)
-       - libraw <unfixed> (bug #1133845)
+       - libraw 0.22.1-1 (bug #1133845)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/a58727c1a3cfef4101700e546a6a661c6a299d97
 CVE-2026-24175 (NVIDIA Triton Inference Server contains a vulnerability where 
an attac ...)
@@ -20106,19 +20106,19 @@ CVE-2026-22679 (Weaver (Fanwei) E-cology 10.0 
versions prior to20260312 contain
 CVE-2026-22666 (Dolibarr ERP/CRM versions prior to 23.0.2 contain an 
authenticated rem ...)
        - dolibarr <removed>
 CVE-2026-21413 (A heap-based buffer overflow vulnerability exists in the 
lossless_jpeg ...)
-       - libraw <unfixed> (bug #1133845)
+       - libraw 0.22.1-1 (bug #1133845)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/32c7b783de262f21fa5e3f58a59031edf23ab3cb
 CVE-2026-20911 (A heap-based buffer overflow vulnerability exists in the 
HuffTable::in ...)
-       - libraw <unfixed> (bug #1133845)
+       - libraw 0.22.1-1 (bug #1133845)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
 CVE-2026-20889 (A heap-based buffer overflow vulnerability exists in the 
x3f_thumb_loa ...)
-       - libraw <unfixed> (bug #1133845)
+       - libraw 0.22.1-1 (bug #1133845)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/657b68d20456eaeb9639976f328827195ff41383
 CVE-2026-20884 (An integer overflow vulnerability exists in the 
deflate_dng_load_raw f ...)
-       - libraw <unfixed> (bug #1133845)
+       - libraw 0.22.1-1 (bug #1133845)
        NOTE: 
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364
        NOTE: 
https://github.com/LibRaw/LibRaw/commit/39873163faa29ed5dfc3bb5aab1b46ed807b210f
 CVE-2026-1079 (A native messaging host vulnerability in Pega Browser Extension 
(PBE)  ...)
@@ -22132,7 +22132,7 @@ CVE-2026-5346 (A vulnerability was determined in 
huimeicloud hm_editor up to 2.2
 CVE-2026-5344 (A security vulnerability has been detected in Textpattern up to 
4.9.1. ...)
        - textpattern <removed>
 CVE-2026-5342 (A flaw has been found in LibRaw up to 0.22.0. This affects the 
functio ...)
-       - libraw <unfixed> (bug #1132655)
+       - libraw 0.22.1-1 (bug #1132655)
        [trixie] - libraw <no-dsa> (Minor issue)
        [bookworm] - libraw <no-dsa> (Minor issue)
        [bullseye] - libraw <postponed> (Minor issue)
@@ -22722,7 +22722,7 @@ CVE-2026-5320 (A vulnerability was detected in vanna-ai 
vanna up to 2.0.2. Affec
 CVE-2026-5319 (A security vulnerability has been detected in itsourcecode 
Payroll Man ...)
        NOT-FOR-US: itsourcecode System
 CVE-2026-5318 (A weakness has been identified in LibRaw up to 0.22.0. This 
impacts th ...)
-       - libraw <unfixed> (bug #1132655)
+       - libraw 0.22.1-1 (bug #1132655)
        NOTE: https://github.com/LibRaw/LibRaw/issues/794
        NOTE: Fixed by: 
https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
 CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22. 
This a ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31e092ab1c4f2205bca95d5a2acc7c3f65b5d237

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/31e092ab1c4f2205bca95d5a2acc7c3f65b5d237
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Track fixes for libraw via unstable

Reply via email to