Bug 31903

Summary: libraw, digikam new security issue CVE-2023-1729
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED OLD
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: geiger.david68210, mageia, nicolas.salguero
Version: 8
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM: libraw-0.20.2-4.mga9.src.rpm, digikam-7.1.0-4.2.mga8.src.rpm
CVE:
Status comment: Patches available from upstream

Description David Walser 2023-05-09 17:52:59 CEST
Fedora has issued an advisory on May 8:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/X3ZLFM2FC7WMCMUCO25Y6FRCK6ANZ75I/

The vulnerability is in libraw code which is bundled in digikam, which includes a fix in digikam 8.0.0 (already in Cauldron).

We need to backport the fix to digikam in Mageia 8 and fix libraw in both.

David Walser 2023-05-09 17:53:40 CEST

Status comment: (none) => Patches available from upstream
Whiteboard: (none) => MGA8TOO

Comment 1 David GEIGER 2023-05-09 19:55:24 CEST
libraw fixed for both mga8 and cauldron!

CC: (none) => geiger.david68210

Comment 2 David Walser 2023-05-10 04:22:15 CEST
libraw_r20-0.20.2-1.2.mga8
libraw20-0.20.2-1.2.mga8
libraw-devel-0.20.2-1.2.mga8
libraw-tools-0.20.2-1.2.mga8

from libraw-0.20.2-1.2.mga8.src.rpm


Update for digikam still pending.

Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8

Comment 3 Lewis Smith 2023-05-10 21:21:04 CEST
Different packagers have dealt with libraw, so assigning this globally.

Assignee: bugsquad => pkg-bugs

Comment 4 David Walser 2023-05-11 18:09:26 CEST
Fedora has issued an advisory for libraw on May 10:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UD4H4XTVC2IKVVGPNRKZPP4QUYARLVR7/

CC: (none) => mageia

Comment 5 David Walser 2023-06-15 23:31:37 CEST
Debian has issued an advisory for libraw on May 27:
https://www.debian.org/security/2023/dsa-5412

Comment 6 Nicolas Salguero 2024-01-12 10:50:27 CET
Mageia 8 EOL

Status: NEW => RESOLVED
CC: (none) => nicolas.salguero
Resolution: (none) => OLD