On Wednesday 01 July 2015 19:07:15 René Rebe wrote: > thanks for the report, I will look into it. I assume this is latest Debian > with this quite new Enligthenment 17-something Evas?
It is 0.8.9-7+deb8u1 from Debian Jessie. So it is using a new Evas/EFL (1.8.6) but not the newest version (1.14.2). Btw. did you had a chance to look at the CVE-2015-3885 [1,2,3]? Here just some information in case you want to reproduce the CVE: > The patch was not tested against any official "special crafted image" because > none was provided with the CVE. Instead a raw image was downloaded [1] and > modified to have the len at 0x13800+0x13801 set to 0. This causes an underflow > + endless loop in the original version of dcraw. [...] The test was > run via: > > $ econvert -i RAW_CANON_EOS_5DMARK3.CR2 -o test.png > > [...] > > [1] http://www.rawsamples.ch/raws/canon/RAW_CANON_EOS_5DMARK3.CR2 Kind regards, Sven [1] https://bugs.debian.org/786785 [2] https://anonscm.debian.org/cgit/collab-maint/exactimage.git/diff/debian/patches/CVE-2015-3885.patch?id=1bd34bf3080e2325eb4751f71c068725a8704210 [3] http://thread.gmane.org/gmane.comp.video.exact-image/55
signature.asc
Description: This is a digitally signed message part.
----------------------------------------------------------- If you wish to unsubscribe from this mailing, send mail to [email protected] with a subject of: unsubscribe exact-image
