oss-security - Re: CVE request: libraw: multiple issues

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 29 May 2013 12:00:37 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Raphael Geissert <geissert@...ian.org>
Subject: Re: CVE request: libraw: multiple issues

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/29/2013 03:18 AM, Raphael Geissert wrote:
> Hi Kurt,
> 
> On 28 May 2013 19:58, Kurt Seifried <kseifried@...hat.com> wrote:
>> On 05/28/2013 02:43 AM, Raphael Geissert wrote:
>>> So there's a double-free (fixed in 0.15.2[3])
> 
> https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6

Please
> 
use CVE-2013-2126 for this issue.

>>> and a buffer overflow (fixed in 0.15.1[2]).
> 
> https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d

Please
> 
use CVE-2013-2127 for this issue.

> Cheers, -- Raphael Geissert - Debian Developer www.debian.org -
> get.debian.net

Thanks


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRpkJEAAoJEBYNRVNeJnmTVZYP/R5M80Qjy91ZN3hoYmsywB7V
KE8Tgwm1LsxWNvoHm5/ml7kEphNwrwPsxJeiKfZG1lql1N3I4Rd3eGLZZCn88WNk
EJ1JeSDxE5XIpApnReXHBfCk3OGsHcotRhGj+7b+LCLqOcQW/f/MPQ3yVSMab8Pz
QhFTg0t2TDthhAEQWi4PbwgVTPEb+UZtWo8gV4EF6rOWC45ZVOg/l5A+V0eBvt3j
7SKRqxCdx5WTd3bK/t6T1jeQQi8BKF0AJ9q36AV5QObEcdvO992BXjt+bGxfwduk
xpkChFcSmO17rd+NDWREO4Xr6AdUGD0JlhNsOD+q4+l51YCeZ5a7pumMwCxGVueE
uBc9ztzvt8HekYgAV3vUgjGAHHistzSVQe9LfvxSwDotzGm6HSMtpvxogOMwXJbF
eTr4AOBdLeV5cEbCZ+wXvLOFxr7AuNoO/by4pEb7YMMTacfFcv4Xy6uPjFQ63STS
AGVn6/kN4ZB3xVZRTUePg+xWsgGUQKkeiWiV0N37JorHrNW2F9IwPLZxU4JqGGWA
mR6HTxDzN1s8IykfuHM8hI/v1AHFr18gcxDlVitcN8zQWtKYXh5leDyEAQf8oLp2
kqo/rljhijQdvhburnPBf91uJjrm7oYnrx4p5PaiG9e9oGEBZdzEe56teVOPUjjR
BMZbIiKtJRQWOlZE9InY
=bs8g
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.