[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SECURITY] [PATCH] gnu: libraw: Update to 0.17.2.
|
From: |
Alex Vong |
|
Subject: |
[SECURITY] [PATCH] gnu: libraw: Update to 0.17.2. |
|
Date: |
Fri, 14 Oct 2016 22:02:58 +0800 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/25.1 (gnu/linux) |
Hi,
I find out that our libraw (0.17.0) is vulnerable to CVE-2015-{8366,
8367}[0], which is fixed in 0.17.1[1]. The patch below updates libraw to
0.17.2.
From 4618436db68adbb74f01eb8e771a448cd20e415f Mon Sep 17 00:00:00 2001
From: Alex Vong <address@hidden>
Date: Fri, 14 Oct 2016 21:45:47 +0800
Subject: [PATCH] gnu: libraw: Update to 0.17.2.
* gnu/packages/photo.scm (libraw): Update to 0.17.2.
---
gnu/packages/photo.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index 8eb5337..f4d110e 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -51,14 +51,14 @@
(define-public libraw
(package
(name "libraw")
- (version "0.17.0")
+ (version "0.17.2")
(source (origin
(method url-fetch)
(uri (string-append "http://www.libraw.org/data/LibRaw-";
version ".tar.gz"))
(sha256
(base32
- "043kckxjqanw8dl3m9f6kvsf0l20ywxmgxd1xb0slj6m8l4w4hz6"))))
+ "0p6imxpsfn82i0i9w27fnzq6q6gwzvb9f7sygqqakv36fqnc9c4j"))))
(build-system gnu-build-system)
(home-page "http://www.libraw.org";)
(synopsis "Raw image decoder")
--
2.10.1
I think we really need a security tracker as suggested earlier (by Leo I
think), because the bug was disclosed in Dec 2015, so our libraw is
being vulnerable for 3/4 year, which is pretty scary!
Alex
[0]: https://security-tracker.debian.org/tracker/source-package/libraw
[1]:
https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
signature.asc
Description: PGP signature
- [SECURITY] [PATCH] gnu: libraw: Update to 0.17.2.,
Alex Vong <=