
[SECURITY] [DLA 243-1] libraw security update



Package        : libraw
Version        : 0.9.1-1+deb6u1
CVE ID         : CVE-2015-3885
Debian Bug     : 786788

[This DLA supersedes my wrong announcement using DLA 241-1]

CVE-2015-3885:
 Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier
 allows remote attackers to cause a denial of service (crash) via a
 crafted image, which triggers a buffer overflow, related to the len
 variable.

We recommend that you upgrade your libraw packages.


-- 
Matteo F. Vescovi || Debian Developer
GnuPG KeyID: 4096R/0x8062398983B2CF7A
