Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 16 Oct 2016 00:50:36 +0800
From: Ben Woods <>
Subject: dcraw and CVE-2015-8366 + CVE-2015-8367

Hi Dave,

I was wondering if you could comment on whether dcraw is affected by these
2 CVEs and whether new versions have been released which remove the

I noticed you mentioned in the mailing list post below that "CVE-2015-8366
will be fixed in v9.27" - did that end up getting fixed in 9.27? How about

Index overflow in smal_decode_segment
Fixed in LibRaw by:

Memory objects are not intialized properly
Fixed in LibRaw by:

Thanks for your help.


From: Benjamin Woods

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ