Fedora has issued an advisory on September 19, 2017: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CMHXYQOFX5OQSBWNNMCVGJLYXTZHXYTM/ Patched packages uploaded for Mageia 7 and Cauldron by Nicolas L. Advisory: ======================== Updated rawtherapee package fixes security vulnerability: There is a floating point exception in dcraw_common.cpp of libRAW. It will lead to remote denial of service attack. This code is embedded in rawtherapee (CVE-2017-13735). References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13735 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/CMHXYQOFX5OQSBWNNMCVGJLYXTZHXYTM/ ======================== Updated packages in core/updates_testing: ======================== rawtherapee-5.6-1.1.mga7 from rawtherapee-5.6-1.1.mga7.src.rpm
CC: (none) => mageia
mga7, x64 CVE-2017-13735 https://bugzilla.redhat.com/show_bug.cgi?id=1483988 $ multirender_test POC1 Processing file POC1 Cannot unpack POC1: Input/output error POC1 was downloaded anew but is identical to that used on a bug in July this year and which caused a floating point exception that time. This time there was no cored dump which gives the impression that the issue had been fixed in the interval. Updated the package. $ multirender_test POC1 Processing file POC1 Cannot unpack POC1: Input/output error This confirms that the fault had been repaired. $ rawtherapee-cli -js3 -o kodak_1.jpg -c 'KODAK C603 C643 Format 420 CCDI0001.RAW' RawTherapee, version 5.6, command line. Output is 8-bit integer. Processing: KODAK C603 C643 Format 420 CCDI0001.RAW Cannot use camera white balance. $ display kodak_1.jpg <That looks OK> $ rawtherapee-cli -n -o nikon_1.png -c P7212389.ORF RawTherapee, version 5.6, command line. Output is 8-bit integer. Processing: P7212389.ORF $ eom nikon_1.png <Looks fine - thanks hviaene> $ rawtherapee-cli -t -o canon_3.tif -c RAW_CANON_5D_ARGB.CR2 RawTherapee, version 5.6, command line. Output is 16-bit integer. Processing: RAW_CANON_5D_ARGB.CR2 <canon_3.tif displays OK> Used the gui to modify images from Olympus and Fuji cameras. Also played with previewing options like R G B and saved profiles to .config/RawTherapee/profiles. Have to admit to ignorance regarding their treatment. They have these names: RAW_FUJI_X-T10.RAF.pp3 RAW_OLYMPUS_E5.ORF.pp3 $ rawtherapee . Cannot use camera white balance. .... Saved the first image as a jpeg to the desktop. It is a bit fiddly - the profile has to be added to the processing queue and then 'save immediately' works. The Fuli image was saved as a 16-bit TIFF. The choices are JPEG, PNG and various shades of TIFF. It all works very well.
CC: (none) => tarazed25
Whiteboard: (none) => MGA7-64-OK
Validating. Advisory in Comment 0.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Advisory pushed to SVN.
CC: (none) => ouaurelienKeywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0004.html
Status: NEW => RESOLVEDResolution: (none) => FIXED