[Pkg-phototools-devel] Bug#874729: marked as done (CVE-2017-13735: libraw: floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp)

[Debian Bug Tracking System]

Your message dated Fri, 06 Oct 2017 21:08:49 +0000
with message-id <e1e0zrv-0004zm...@fasolo.debian.org>
and subject line Bug#874729: fixed in libraw 0.18.5-1
has caused the Debian Bug report #874729,
regarding CVE-2017-13735: libraw: floating point exception in the 
kodak_radc_load_raw function in dcraw_common.cpp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
874729: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874729
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Source: libraw
Version: 0.18.2-2
Severity: normal
Tags: security patch upstream
Forwarded: https://github.com/LibRaw/LibRaw/issues/96

There is a floating point exception in the kodak_radc_load_raw function in
dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service
attack.

https://nvd.nist.gov/vuln/detail/CVE-2017-13735
https://github.com/LibRaw/LibRaw/issues/96
https://bugzilla.redhat.com/show_bug.cgi?id=1483988

This has been fixed in upstream 0.18.3 release. Please see:
https://www.libraw.org/news/libraw-0-18-3

-- 
Henri Salo

signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

Source: libraw
Source-Version: 0.18.5-1

We believe that the bug you reported is fixed in the latest version of
libraw, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 874...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Matteo F. Vescovi <m...@debian.org> (supplier of updated libraw package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 06 Oct 2017 21:51:38 +0200
Source: libraw
Binary: libraw16 libraw-bin libraw-dev libraw-doc
Architecture: source
Version: 0.18.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers 
<pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Matteo F. Vescovi <m...@debian.org>
Description:
 libraw-bin - raw image decoder library (tools)
 libraw-dev - raw image decoder library (development files)
 libraw-doc - raw image decoder library (documentation)
 libraw16   - raw image decoder library
Closes: 874729
Changes:
 libraw (0.18.5-1) unstable; urgency=medium
 .
   * New upstream release (Closes: #874729)
   * debian/: autotools-dev usage dropped
   * debian/control: S-V bump 4.0.0 -> 4.1.1 (no changes needed)
Checksums-Sha1:
 cba03d352d7a13b49cdbdcc938b6318540657079 2334 libraw_0.18.5-1.dsc
 e407586eb93f08faf866715f2c2e356a7d304900 517232 libraw_0.18.5.orig.tar.gz
 f9b3700a1cf5ee1c4a0ee51bcffc7a41f204d769 20908 libraw_0.18.5-1.debian.tar.xz
 9624aaec2cb98af3ed70f9c6496db3941399e5f0 5563 libraw_0.18.5-1_source.buildinfo
Checksums-Sha256:
 0fc369ad26a75ab38fc27ef315eaa8e534902b52955913f60060bf2f6da4642e 2334 
libraw_0.18.5-1.dsc
 b2b86ff1dadb0ec36ec4d818d71113164f668e68b4e62ca19f29f452ea354840 517232 
libraw_0.18.5.orig.tar.gz
 9a984e398396ce0e4d2d423d392fd29d2f12e200c97a1e294b2aa6ff69a75296 20908 
libraw_0.18.5-1.debian.tar.xz
 aa379690727f9138b3401ad76fca7d89d24d71f234595a17a09401164d2f10d1 5563 
libraw_0.18.5-1_source.buildinfo
Files:
 243dc5c423a822454a2b3c85c36a33f6 2334 libs optional libraw_0.18.5-1.dsc
 8de74a03bf30dc08a667030aaa78d0ca 517232 libs optional libraw_0.18.5.orig.tar.gz
 3346d1aef30e1401f9d5c7d6783d09b9 20908 libs optional 
libraw_0.18.5-1.debian.tar.xz
 03a5085c4f4a35f4a540c4fd65730c1f 5563 libs optional 
libraw_0.18.5-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----
Comment: Debian powered!

iQKTBAEBCgB9FiEE890J+NqH0d9QRsmbBhL0lE7NzVoFAlnX3wNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYz
REQwOUY4REE4N0QxREY1MDQ2Qzk5QjA2MTJGNDk0NEVDRENENUEACgkQBhL0lE7N
zVr6AQ//e+LCavFLNHe/KLZuNIe0zjpg65zlyznTBGngHqkzrWCO9l4IGIMk31dO
3rb9LIBkbPXwva6qXZjhF9PLOprZxSYAy0QHszkvn4xg7Ol/ajzthfbpj+bQOQNb
emqjwSIdC3mgGbfj/b9NE64SVhDAANF9PXDbpwyePS5nA1O/Ch3C3hBUqmRFTNJ/
f4GihNeaSaVW71LhR7CxwleFGxQc2JHKvyFN1lw2PjHuAE/QLXcZ8cwDR75mpZ8f
FHA15wo5R3Pf9miaQLqhQOyFn1NKpREitqeiuOeMSlnQ/OoczDzTpBoxBdLI7TOB
TdajCOjnbVyKriMmEvD5jNvW1jXk9ErTVgKae0BkTCvGZTt2t77H3tnAZEEWlxQn
0C60uvHMtx8tVutR7I75iu2yjGS8BRVmUyDDEOer8hXt9M6GgwGfkooCHEFtFZRH
WnzkxAB+pth/minoWp+SSqUxxynjMtlP8OP8NWc12U2GdxeLn0RQj5XeCXiZUN1i
pOG1l82iMtw0RISn4whEEv0LZmud8tkfpEqCHpPuMxGqCcZa7NS9sJwNm5frH5eS
mryE10Qmt92gAZ1SY/oOykDAFTWIwz2BFjpX5hCmgcHd77kCbmOybwOFeOF1OL0k
lJpd2Rm49bMeJBU4vRUqhGy+l6mfaq9ZEIHvLt63Txn8eyAN55c=
=mRBc
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
Pkg-phototools-devel mailing list
Pkg-phototools-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-phototools-devel