As reported in Bug 11149, darktable contains an embedded copy of LibRaw, and darktable prior to version 1.2.3 is vulnerable to the security issues CVE-2013-1438 and CVE-2013-1439. Mageia 4 shipped with 1.2.3, so it and Cauldron are not vulnerable. Patched package uploaded for Mageia 3. Advisory: ======================== Updated darktable package fixes security vulnerabilities: Darktable before version 1.2.3 contains an embedded copy of LibRaw that incorrectly handled photo files. If a user was tricked into processing a specially crafted photo file, darktable could be made to crash, resulting in a denial of service (CVE-2013-1438, CVE-2013-1439). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1439 http://www.ubuntu.com/usn/usn-1964-1/ ======================== Updated packages in core/updates_testing: ======================== darktable-1.2-1.2.mga3 from darktable-1.2-1.2.mga3.src.rpm Reproducible: Steps to Reproduce:
Blocks: (none) => 11149
Testing procedure: just import a variety of images (including raw files) and explore the menus. I haven't found example files to test the vulnerability.
CC: (none) => stormiWhiteboard: (none) => has_procedure
Testing complete mga3 32 & 64
Whiteboard: has_procedure => has_procedure mga3-32-ok mga3-64-ok
Advisory uploaded. Validating. Could sysadmin please push to 3 updates Thanks
Keywords: (none) => validated_updateWhiteboard: has_procedure mga3-32-ok mga3-64-ok => has_procedure advisory mga3-32-ok mga3-64-okCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0050.html
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED