David Bremner <[email protected]> writes: > I'm not sure yet that the vulnerability occurs in the version of libraw > embedded in darktable. There is some relevant discussion on the > darktable developers list > > http://article.gmane.org/gmane.comp.graphics.darktable.devel/2628 > > If nothing else, the proposed patch won't apply, because raw_alloc > doesn't occur at all in src/External/LibRaw/src/libraw_cxx.cpp
It seems like this might be the backported fix (suggesting there was indeed a problem to fix). https://github.com/LibRaw/LibRaw/commit/c14ae36d28e80139b2f31b5d9d7623db3b597a3a Darktable upstream just cherry picked that to their current release branches. I don't know yet if the same patch applies to the version in wheezy. d _______________________________________________ Pkg-phototools-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel
