A Debian developer noted that darktable uses a bundled copy of libraw, which is affected by a double-free security issue, which we have fixed in our libraw package in Bug 10346: http://openwall.com/lists/oss-security/2013/06/04/2 Reproducible: Steps to Reproduce:
See Also: (none) => https://bugs.mageia.org/show_bug.cgi?id=10346Whiteboard: (none) => MGA3TOO, MGA2TOO
OpenSuSE has issued an advisory for this on June 26: http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html
URL: (none) => http://lwn.net/Vulnerabilities/553302/
This is fixed upstream in darktable 1.2.2, which is in Cauldron. The darktable version in Mageia 2 appears to not contain the vulnerability. Patched package uploaded for Mageia 3. Advisory: ======================== Updated darktable package fixes security vulnerability: A double-free error exits when handling damaged full-color within Foveon and sRAW files in libraw, which is embedded in darktable (CVE-2013-2126). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2126 http://secunia.com/advisories/53547/ http://www.libraw.org/news/libraw-0-15-2 http://lists.opensuse.org/opensuse-updates/2013-06/msg00193.html ======================== Updated packages in core/updates_testing: ======================== darktable-1.2-1.1.mga3 from darktable-1.2-1.1.mga3.src.rpm
CC: (none) => mageiaVersion: Cauldron => 3Assignee: mageia => qa-bugsWhiteboard: MGA3TOO, MGA2TOO => (none)
Advisory 10427.adv added to svn. No poc, so just testing that the update works. Testing shortly.
CC: (none) => davidwhodgins
Testing complete on Mageia 3 i586 and x86_64. Just imported a variety of images and explored the menu options. Could someone from the sysadmin team pusht 10427.adv.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA3-64-OK MGA3-32-OKCC: (none) => sysadmin-bugs
http://advisories.mageia.org/MGASA-2013-0223.html
Status: NEW => RESOLVEDCC: (none) => boklmResolution: (none) => FIXED
CC: boklm => (none)