FEDORA-2018-baa8315daa created by smani 2 years ago for Fedora 27
stable

Update to LibRaw-0.18.13, see https://www.libraw.org/news/libraw-0-18-13 for details. Fixes CVE-2018-5815, CVE-2018-5816.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-baa8315daa

This update has been submitted for testing by smani.

2 years ago

This update has been pushed to testing.

2 years ago

thanks for the update.

fyi: the CVEs mentioned have been fixed in libraw 0.18.12 as far as I know. 0.18.13 fixes two additional possible vulns w/o CVE:

1. fixed possible stack overrun while reading zero-sized strings, maybe this: https://github.com/LibRaw/LibRaw/commit/e25a09e42bc05a666a28f5f55bfad02f69567712
2. fixed possible integer overflow, maybe this: https://github.com/LibRaw/LibRaw/commit/2aabf1b68a8a1dc953ca698ba79f89a80f0f5150

see https://github.com/LibRaw/LibRaw/compare/0.18.12...0.18.13

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for batched by smani.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago


Metadata
Type: security
Karma: 0
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Stable by Karma: 3
Stable by Time: disabled
Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: 2 years ago
BZ#1610151 CVE-2018-5815 LibRaw: Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service
BZ#1610153 CVE-2018-5815 mingw-LibRaw: LibRaw: Integer overflow in internal/dcraw_common.cpp:parse_qt() allows for denial of service [fedora-all]
BZ#1610156 CVE-2018-5816 LibRaw: Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service
BZ#1610158 CVE-2018-5816 mingw-LibRaw: LibRaw: Integer overflow in internal/dcraw_common.cpp:identify() allows for denial of service [fedora-all]
