Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
79630923 by Salvatore Bonaccorso at 2026-05-11T15:04:40+02:00
Track fixes in 0.22.1 for libraw issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -20073,10 +20073,12 @@ CVE-2026-24660 (A heap-based buffer overflow
vulnerability exists in the x3f_loa
- libraw 0.22.1-1 (bug #1133845)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2359
NOTE:
https://github.com/LibRaw/LibRaw/commit/a4a0ab69d286c7638741e70a11f04fb3d7b49db2
+ NOTE:
https://github.com/LibRaw/LibRaw/commit/ac151a829b8d3e4c74fa3aefa8a029c3cc3f857f
(0.22.1)
CVE-2026-24450 (An integer overflow vulnerability exists in the
uncompressed_fp_dng_lo ...)
- libraw 0.22.1-1 (bug #1133845)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2363
NOTE:
https://github.com/LibRaw/LibRaw/commit/a58727c1a3cfef4101700e546a6a661c6a299d97
+ NOTE:
https://github.com/LibRaw/LibRaw/commit/c911c9b9edffa5fab99f828d0fee6dd2d0f6105f
(0.22.1)
CVE-2026-24175 (NVIDIA Triton Inference Server contains a vulnerability where
an attac ...)
NOT-FOR-US: NVIDIA
CVE-2026-24174 (NVIDIA Triton Inference Server contains a vulnerability where
an attac ...)
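Review bot: The added NOTE lines for CVE-2026-24660 and CVE-2026-24450 carry a "(0.22.1)" tag, but the existing commit NOTE directly above each one has no tag, so the entry does not say how the two commits relate. A reader cannot tell whether the second commit is the same fix on a release branch or a follow-up change. Suggest annotating the first commit line with its branch or release as well, so each entry states which commit belongs to which line of development.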
@@ -20109,18 +20111,22 @@ CVE-2026-21413 (A heap-based buffer overflow
vulnerability exists in the lossles
- libraw 0.22.1-1 (bug #1133845)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2331
NOTE:
https://github.com/LibRaw/LibRaw/commit/32c7b783de262f21fa5e3f58a59031edf23ab3cb
+ NOTE:
https://github.com/LibRaw/LibRaw/commit/75ed2c12a35b765b3b6ad695cc1f044f19efe644
(0.22.1)
CVE-2026-20911 (A heap-based buffer overflow vulnerability exists in the
HuffTable::in ...)
- libraw 0.22.1-1 (bug #1133845)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2330
NOTE:
https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
+ NOTE:
https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b
(0.22.1)
CVE-2026-20889 (A heap-based buffer overflow vulnerability exists in the
x3f_thumb_loa ...)
- libraw 0.22.1-1 (bug #1133845)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2358
NOTE:
https://github.com/LibRaw/LibRaw/commit/657b68d20456eaeb9639976f328827195ff41383
+ NOTE:
https://github.com/LibRaw/LibRaw/commit/b9809e410d07ca7bf408e6d036615fb34f8c47cc
(0.22.1)
CVE-2026-20884 (An integer overflow vulnerability exists in the
deflate_dng_load_raw f ...)
- libraw 0.22.1-1 (bug #1133845)
NOTE:
https://talosintelligence.com/vulnerability_reports/TALOS-2026-2364
NOTE:
https://github.com/LibRaw/LibRaw/commit/39873163faa29ed5dfc3bb5aab1b46ed807b210f
+ NOTE:
https://github.com/LibRaw/LibRaw/commit/aa4458eb511daeae90676c1ce5c587106e4aaec1
(0.22.1)
CVE-2026-1079 (A native messaging host vulnerability in Pega Browser Extension
(PBE) ...)
NOT-FOR-US: Pega Browser Extension (PBE)
CVE-2026-1078 (An arbitrary file-write vulnerability in Pega Browser Extension
(PBE) ...)
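Review bot: Style point on the four libraw entries in this hunk (CVE-2026-21413, CVE-2026-20911, CVE-2026-20889, CVE-2026-20884): the added lines are bare "NOTE:" followed by a commit URL, while the CVE-2026-5342 and CVE-2026-5318 entries touched by the same commit use "NOTE: Fixed by:" for the same kind of reference. Using the "Fixed by:" prefix here too would keep the commit references consistent and make it explicit that these URLs are fixes rather than background links like the Talos reports listed above them.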
@@ -22138,6 +22144,7 @@ CVE-2026-5342 (A flaw has been found in LibRaw up to
0.22.0. This affects the fu
[bullseye] - libraw <postponed> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/issues/795
NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/b8397cd45657b84e88bd1202528d1764265f185c
+ NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/2468614a9cbcab6b75ca279ab60cac62156f7aeb
(0.22.1)
CVE-2026-5339 (A vulnerability was detected in Tenda G103 1.0.0.5. The
impacted eleme ...)
NOT-FOR-US: Tenda
CVE-2026-5338 (A security vulnerability has been detected in Tenda G103
1.0.0.5. The ...)
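Review bot: In the CVE-2026-5342 entry the bullseye line visible in the context is still "<postponed> (Minor issue)", and the entry now lists two "Fixed by:" commits, only the new one marked "(0.22.1)". Whoever revisits the postponed bullseye decision will need to know which commit to base a backport on, so it would help to mark on the first "Fixed by:" line where that commit landed.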
@@ -22725,6 +22732,7 @@ CVE-2026-5318 (A weakness has been identified in LibRaw
up to 0.22.0. This impac
- libraw 0.22.1-1 (bug #1132655)
NOTE: https://github.com/LibRaw/LibRaw/issues/794
NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/a6734e867b19d75367c05f872ac26322464e3995
+ NOTE: Fixed by:
https://github.com/LibRaw/LibRaw/commit/5357bb5fc67ac616838fb84de67260d45987489b
(0.22.1)
CVE-2026-5317 (A security flaw has been discovered in Nothings stb up to 1.22.
This a ...)
- libstb <unfixed> (bug #1134888)
[trixie] - libstb <no-dsa> (Minor issue)
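Review bot: The two "Fixed by:" commits now recorded for CVE-2026-5318 (a6734e867b19... and 5357bb5fc67a...) are the same pair listed under CVE-2026-20911 earlier in this diff, yet the two entries point at different bugs (#1132655 here, #1133845 there) and do not reference each other. If both CVE ids cover the same underlying fix, a short NOTE cross-referencing the other id in each entry would document that; if they are distinct issues fixed by the same commits, a NOTE saying so would prevent the overlap from being read as a copy error.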
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/79630923cf4033235f89cccde5212125363f6dbc
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits