| Summary: | libraw security fixes upstream in 0.18.13 (including CVE-2018-1052[89], CVE-2018-5807, CVE-2018-581[0-3,56]) | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | All Packagers <pkg-bugs> |
| Status: | RESOLVED OLD | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | marja11 |
| Version: | 5 | ||
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | libraw-0.16.2-1.5.mga5.src.rpm | CVE: | |
| Status comment: | Patches available from openSUSE, Ubuntu, and upstream | ||
| Bug Depends on: | 22695, 22956 | ||
| Bug Blocks: | |||

Description
David Walser
2018-03-18 23:17:12 CET
Ubuntu has issued an advisory today (April 3):
https://usn.ubuntu.com/3615-1/

It fixed at least the 0.18.7 issues, as well as CVE-2017-16909, which I don't believe we've fixed yet in Mageia 5. They fixed 0.17.x and 0.15.x, so we can probably adapt patches for 0.16.x.

0.18.9 fixed SA81800 and some buffer and stack overruns:
https://www.libraw.org/download

Summary:
libraw minor security fixes upstream in 0.18.8 =>
libraw minor security fixes upstream in 0.18.9

Two more vulnerabilities were discovered in 0.18.9. openSUSE has issued an advisory for this today (May 3):
https://lists.opensuse.org/opensuse-updates/2018-05/msg00009.html

Summary:
libraw minor security fixes upstream in 0.18.9 =>
libraw minor security fixes upstream in 0.18.9 (plus CVE-2018-10528 and CVE-2018-10529)

David Walser
2018-05-04 08:39:23 CEST
Status comment:
(none) =>
Patches available from openSUSE, Ubuntu, and upstream

The CVEs were fixed in 0.18.10. 0.18.11 fixes SA83050 and other issues:
https://www.libraw.org/download

Summary:
libraw minor security fixes upstream in 0.18.9 (plus CVE-2018-10528 and CVE-2018-10529) =>
libraw security fixes upstream in 0.18.11 (including CVE-2018-10528 and CVE-2018-10529)

Ubuntu has issued an advisory for the CVE issues on May 8:
https://usn.ubuntu.com/3639-1/

0.18.12 fixes SA83507 and an integer overflow:
https://www.libraw.org/download

Summary:
libraw security fixes upstream in 0.18.11 (including CVE-2018-10528 and CVE-2018-10529) =>
libraw security fixes upstream in 0.18.12 (including CVE-2018-10528 and CVE-2018-10529)

0.18.13 fixes two more security issues:
https://www.libraw.org/download
- fixed possible stack overrun while reading zero-sized strings
- fixed possible integer overflow

Fedora has issued an advisory for this today (July 24):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SAILUJLX73GTMC4BTJPFRXMDQIFLWFMV/

Summary:
libraw security fixes upstream in 0.18.12 (including CVE-2018-10528 and CVE-2018-10529) =>
libraw security fixes upstream in 0.18.13 (including CVE-2018-10528 and CVE-2018-10529)

0.18.9 fixed CVE-2018-5807 and CVE-2018-581[0-2]:
https://bugzilla.suse.com/show_bug.cgi?id=1103361
https://bugzilla.suse.com/show_bug.cgi?id=1103353
https://bugzilla.suse.com/show_bug.cgi?id=1103359
https://bugzilla.suse.com/show_bug.cgi?id=1103360

0.18.11 fixed CVE-2018-5813:
https://bugzilla.redhat.com/show_bug.cgi?id=1609954

0.18.12 fixed CVE-2018-5815:
https://bugzilla.suse.com/show_bug.cgi?id=1103206

openSUSE has issued an advisory for this today (August 10):
https://lists.opensuse.org/opensuse-updates/2018-08/msg00068.html

Summary:
libraw security fixes upstream in 0.18.13 (including CVE-2018-10528 and CVE-2018-10529) =>
libraw security fixes upstream in 0.18.13 (including CVE-2018-1052[89], CVE-2018-5807, CVE-2018-581[0-3,5])

0.18.12 fixed CVE-2018-5816:
https://bugzilla.redhat.com/show_bug.cgi?id=1610156

Summary:
libraw security fixes upstream in 0.18.13 (including CVE-2018-1052[89], CVE-2018-5807, CVE-2018-581[0-3,5]) =>
libraw security fixes upstream in 0.18.13 (including CVE-2018-1052[89], CVE-2018-5807, CVE-2018-581[0-3,56])

The limited support Mga5 continued to have after its official EOL has ended, so closing this bug as OLD.

Resolution:
(none) =>
OLD