[ubuntu/trusty-updates] libraw 0.15.4-1ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Nov 22 21:28:09 UTC 2017


libraw (0.15.4-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in ljpeg_start
    - debian/patches/CVE-2015-3885.patch: use ushort in dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2015-3885
  * SECURITY UPDATE: index overflow and lack of initialization
    - debian/patches/CVE-2015-836x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp, add proper initialization to
      src/libraw_cxx.cpp.
    - CVE-2015-8366
    - CVE-2015-8367
  * SECURITY UPDATE: memory corruption in parse_tiff_ifd
    - debian/patches/CVE-2017-688x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-6886
    - CVE-2017-6887
  * SECURITY UPDATE: floating point exception in kodak_radc_load_raw
    - debian/patches/CVE-2017-13735.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-13735
  * SECURITY UPDATE: buffer overflow in xtrans_interpolate
    - debian/patches/CVE-2017-14265.patch: add checks to dcraw/dcraw.c.
    - CVE-2017-14265
  * SECURITY UPDATE: out of bounds read in kodak_65000_load_raw
    - debian/patches/CVE-2017-14608.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-14608

Date: 2017-11-16 19:55:54.897708+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libraw/0.15.4-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list