Your message dated Sun, 01 Sep 2013 01:48:28 +0000
with message-id <[email protected]>
and subject line Bug#721233: fixed in darktable 1.2.2-2
has caused the Debian Bug report #721233,
regarding CVE-2013-1438: darktable: multiple vulnerabilities
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
721233: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721233
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libraw
Severity: important
Tags: security
Control: clone -1 -2 -3 -4 -5 -6 -7 -8 -9
Control: retitle -1 CVE-2013-1438: libraw: multiple vulnerabilities
Control: retitle -2 CVE-2013-1438: dcraw: multiple vulnerabilities
Control reassign -2 dcraw
Control: retitle -3 CVE-2013-1438: darktable: multiple vulnerabilities
Control reassign -3 darktable
Control: retitle -4 CVE-2013-1438: ufraw: multiple vulnerabilities
Control reassign -4 ufraw
Control: retitle -5 CVE-2013-1438: xbmc: multiple vulnerabilities
Control reassign -5 src:xbmc
Control: retitle -6 CVE-2013-1438: exactimage: multiple vulnerabilities
Control reassign -6 exactimage
Control: retitle -7 CVE-2013-1438: rawstudio: multiple vulnerabilities
Control reassign -7 rawstudio
Control: retitle -8 CVE-2013-1438: rawtherapee: multiple vulnerabilities
Control reassign -8 rawtherapee
Control: retitle -9 CVE-2013-1438: libkdcraw: multiple vulnerabilities
Control reassign -9 libkdcraw

Hi,

I found a few vulnerabilities in dcraw, and they are all covered by the
CVE-2013-1438 id:
"Specially crafted photo files may trigger a division by zero, an
infinite loop, or a null pointer dereference."

Alex Tutubalin, libraw upstream, has patched the vulnerabilities in
libraw and the patches should apply as-is to the vast majority of
embedders. For the details
 http://www.openwall.com/lists/oss-security/2013/08/29/3

Please include the CVE id when fixing these vulnerabilities and
consider fixing them in old/stable via a {O,}SPU by following standard
procedures for stable release updates.

P.S. yes, the above Control list is annoying, but so is having so many
copies of the same code base in the archive.

Thanks,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

--- End Message ---
--- Begin Message ---
Source: darktable
Source-Version: 1.2.2-2

We believe that the bug you reported is fixed in the latest version of
darktable, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Bremner <[email protected]> (supplier of updated darktable package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 31 Aug 2013 13:15:22 -0300
Source: darktable
Binary: darktable darktable-dbg
Architecture: source amd64
Version: 1.2.2-2
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <[email protected]>
Changed-By: David Bremner <[email protected]>
Description: 
 darktable  - virtual lighttable and darkroom for photographers
 darktable-dbg - virtual lighttable and darkroom for photographers
Closes: 721233 721339
Changes: 
 darktable (1.2.2-2) unstable; urgency=medium
 .
   * Port libraw commit c4e374ea. This one commit is a fix for two bugs.
     - Bug fix: "darktable: multiple vulnerabilities", thanks to Raphael
       Geissert (Closes: #721233).
     - Bug fix: "darktable: multiple vulnerabilities", thanks to Raphael
       Geissert (Closes: #721339).

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----

--- End Message ---