Date: Tue, 4 Jun 2013 15:51:14 +0200 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Subject: Re: CVE request: libraw: multiple issues Hi again, On 29 May 2013 20:00, Kurt Seifried <kseifried@...hat.com> wrote: > On 05/29/2013 03:18 AM, Raphael Geissert wrote: >> On 28 May 2013 19:58, Kurt Seifried <kseifried@...hat.com> wrote: >>> On 05/28/2013 02:43 AM, Raphael Geissert wrote: >>>> So there's a double-free (fixed in 0.15.2) >> >> https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6 > > Please use CVE-2013-2126 for this issue. FWIW, I've noticed that libkdcraw and darktable embed copies of libraw that are vulnerable to the double free. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.