Security Information / 2013 / Security Information -- DSA-2748-1 exactimage

Debian Security Advisory

DSA-2748-1 exactimage -- denial of service

Date Reported:

01 Sep 2013

Affected Packages:

exactimage

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 721236.
In Mitre's CVE dictionary: CVE-2013-1438.

More information:

Several denial-of-service vulnerabilities were discovered in the dcraw code base, a program for procesing raw format images from digital cameras. This update corrects them in the copy that is embedded in the exactimage package.

For the oldstable distribution (squeeze), this problem has been fixed in version 0.8.1-3+deb6u2.

For the stable distribution (wheezy), this problem has been fixed in version 0.8.5-5+deb7u2.

For the unstable distribution (sid), this problem has been fixed in version 0.8.9-1.

We recommend that you upgrade your exactimage packages.