Mageia Bugzilla – Bug 10427
darktable new security issue CVE-2013-2126
Last modified: 2014-05-08 18:07:25 CEST
A Debian developer noted that darktable uses a bundled copy of libraw, which is affected by a double-free security issue, which we have fixed in our libraw package in Bug 10346:
OpenSuSE has issued an advisory for this on June 26:
This is fixed upstream in darktable 1.2.2, which is in Cauldron.
The darktable version in Mageia 2 appears to not contain the vulnerability.
Patched package uploaded for Mageia 3.
Updated darktable package fixes security vulnerability:
A double-free error exists when handling damaged full-color within Foveon and
sRAW files in libraw, which is embedded in darktable (CVE-2013-2126).
Updated packages in core/updates_testing:
Advisory 10427.adv added to svn.
No poc, so just testing that the update works.
Testing complete on Mageia 3 i586 and x86_64.
Just imported a variety of images and explored the menu options.
Could someone from the sysadmin team push 10427.adv?