As was reported in Bug 11149, rawtherapee contains an embedded copy of dcraw, which is vulnerable to security issue CVE-2013-1438.
Patched packages uploaded for Mageia 3, Mageia 4, and Cauldron.
Advisory:
========================
Updated rawtherapee package fixes security vulnerability:
Due to flaws in the embedded copy of dcraw in rawtherapee, corrupt input files might trigger a division by zero, an infinite loop, or a null pointer dereference (CVE-2013-1438).
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438
https://lists.fedoraproject.org/pipermail/package-announce/2013-December/124176.html
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1438.html
========================
Updated packages in core/updates_testing:
========================
rawtherapee-4.0.7-3.1.mga3
rawtherapee-4.0.11-2.1.mga4
from SRPMS:
rawtherapee-4.0.7-3.1.mga3.src.rpm
rawtherapee-4.0.11-2.1.mga4.src.rpm
Version: Cauldron => 4
Blocks: (none) => 11149
Whiteboard: (none) => MGA3TOO
Error: user's profiles' directory "/home/user/.config/RawTherapee4.0.11/profiles" creation failed
But this directory was created successfully in real.
I tested in mga4-32
CC: (none) => loginov_alex
(In reply to Alex Loginov from comment #1)
> Error: user's profiles' directory
> "/home/user/.config/RawTherapee4.0.11/profiles" creation failed
> But this directory was created successfully in real.
> I tested in mga4-32
Can you describe the steps that make this error message appear?
CC: (none) => stormi
I installed rawtherapee-4.0.11-2.1.mga4 and ran it for the first time. No error on the second start.
Testing Mga3 32-bit.
CC: (none) => isolde
Tested some of the usual photo editing features in Mga3 32-bit, such as exposure, white balance, colour channels, hue, saturation, cropping, saving in different formats. No problems noticed before or after update.
Whiteboard: MGA3TOO => MGA3TOO MGA3-32-OK
Tested some of the usual photo editing features in Mga3 32-bit, such as exposure, white balance, colour channels, hue, saturation, cropping, saving in different formats. No error at first or second start. No problems noticed before or after update. Mga4-64
CC: (none) => makowski.mageia
Whiteboard: MGA3TOO MGA3-32-OK => MGA3TOO MGA3-32-OK MGA4-64-OK
In VirtualBox, M3, KDE, 32-bit
Package(s) under test:
rawtherapee
default install of rawtherapee
[root@localhost wilcal]# urpmi rawtherapee
Package rawtherapee-4.0.7-3.mga3.x86_64 is already installed
RAW test images from:
http://www.rawsamples.ch
Opens RAW pics, can modify and save pics in jpeg format
install rawtherapee from updates_testing
[root@localhost wilcal]# urpmi rawtherapee
Package rawtherapee-4.0.7-3.1.mga3.x86_64 is already installed
Opens RAW pics, can modify and save pics in jpeg format
Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
CC: (none) => wilcal.int
Whiteboard: MGA3TOO MGA3-32-OK MGA4-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-64-OK
In VirtualBox, M4, KDE, 32-bit
Package(s) under test:
rawtherapee
default install of rawtherapee
[root@localhost wilcal]# urpmi rawtherapee
Package rawtherapee-4.0.11-2.mga4.i586 is already installed
RAW test images from:
http://www.rawsamples.ch
Opens RAW pics, can modify and save pics in jpeg format
install rawtherapee from updates_testing
[root@localhost wilcal]# urpmi rawtherapee
Package rawtherapee-4.0.11-2.1.mga4.i586 is already installed
Opens RAW pics, can modify and save pics in jpeg format
Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
VirtualBox 4.2.16-1.mga3.x86_64.rpm
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK
If everybody's happy, this one's a go.
Validating and advisory uploaded
Keywords: (none) => validated_update
Whiteboard: MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK => MGA3TOO MGA3-32-OK MGA3-64-OK MGA4-32-OK MGA4-64-OK advisory
CC: (none) => tmb, sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2014-0081.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED