Mageia Bugzilla – Bug 12692
darktable new security issues CVE-2013-1438 and CVE-2013-1439
Last modified: 2014-02-10 21:34:18 CET
As reported in Bug 11149, darktable contains an embedded copy of LibRaw, and darktable prior to version 1.2.3 is vulnerable to the security issues CVE-2013-1438 and CVE-2013-1439.
Mageia 4 shipped with 1.2.3, so it and Cauldron are not vulnerable.
Patched package uploaded for Mageia 3.
Updated darktable package fixes security vulnerabilities:
Darktable before version 1.2.3 contains an embedded copy of LibRaw that
incorrectly handled photo files. If a user was tricked into processing a
specially crafted photo file, darktable could be made to crash, resulting
in a denial of service (CVE-2013-1438, CVE-2013-1439).
Updated packages in core/updates_testing:
Steps to Reproduce:
Testing procedure: just import a variety of images (including raw files) and explore the menus.
I haven't found example files to test the vulnerability.
Testing complete mga3 32 & 64
Advisory uploaded. Validating.
Could sysadmin please push to 3 updates