libraw (0.20.2-2ubuntu2.22.04.2) jammy-security; urgency=medium
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2025-43961-CVE-2025-43962.patch: Check
size of head array values
- CVE-2025-43961
- CVE-2025-43962
- debian/patches/CVE-2025-43963.patch: check split_col/split_row
values in phase_one_correct
- CVE-2025-43963
* SECURITY UPDATE: Malformed input
- debian/patches/CVE-2025-43964.patch: additional checks in PhaseOne
correction tag 0x412 processing
- CVE-2025-43964
-- Bruce Cable <bruce.cable@canonical.com> Mon, 28 Apr 2025 14:02:47 +1000
libraw (0.20.2-2ubuntu2.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow
- debian/patches/CVE-2021-32142.patch: check for input buffer size on
datastream::gets in src/libraw_datastream.cpp.
- CVE-2021-32142
* SECURITY UPDATE: heap-buffer-overflow in raw2image_ex()
- debian/patches/CVE-2023-1729.patch: do not set shrink flag for 3/4
component images in src/preprocessing/raw2image.cpp.
- CVE-2023-1729
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 01 Jun 2023 13:03:58 -0400
libraw (0.20.2-2ubuntu2) jammy; urgency=high
* No change rebuild for ppc64el baseline bump.
-- Julian Andres Klode <juliank@ubuntu.com> Thu, 24 Mar 2022 13:14:52 +0100
libraw (0.20.2-2ubuntu1) jammy; urgency=medium
* Merge with/Rebase on Debian. Remaining changes:
- Mark C++ template instantiation symbols optional (LP: #1917756)
- Mark symbols as optional not seen when building with lto
-- Heather Ellsworth <heather.ellsworth@canonical> Tue, 23 Nov 2021 20:37:09 +0000
libraw (0.20.2-2) unstable; urgency=medium
* debian/watch: bump version 3 -> 4
* debian/control: S-V bump 4.5.0 -> 4.6.0 (no changes needed)
* debian/libraw-doc.docs: install cpp samples (Closes: #994019)
* debian/libraw-bin.install: move sample binaries to usr/bin
* debian/NEWS: added to describe sample binaries move
* debian/rules:
- drop useless linker flags
- hardening options added
-- Matteo F. Vescovi <mfv@debian.org> Sat, 11 Sep 2021 16:56:07 +0200
libraw (0.20.2-1) unstable; urgency=medium
* New upstream release
-- Matteo F. Vescovi <mfv@debian.org> Mon, 19 Oct 2020 23:00:12 +0200
libraw (0.20.0-4) unstable; urgency=medium
* Upload to unstable
* debian/libraw20.symbols: drop duplicates and
restrict to 64 bits
-- Matteo F. Vescovi <mfv@debian.org> Tue, 18 Aug 2020 15:45:30 +0200
libraw (0.20.0-3) experimental; urgency=medium
* debian/libraw20.symbols: drop MISSING and update others
-- Matteo F. Vescovi <mfv@debian.org> Tue, 04 Aug 2020 23:43:02 +0200
libraw (0.20.0-2) experimental; urgency=medium
* debian/libraw20.symbols: file updated
-- Matteo F. Vescovi <mfv@debian.org> Tue, 04 Aug 2020 21:11:25 +0200
libraw (0.20.0-1) experimental; urgency=medium
[ Matteo F. Vescovi ]
* New upstream release
This release fixes CVE-2020-15503:
| LibRaw before 0.20-RC1 lacks a thumbnail size range check.
| This affects decoders/unpack_thumb.cpp,
| postprocessing/mem_image.cpp, and utils/thumb_utils.cpp.
| For example,
| malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs
| without validating T.tlength.
* debian/: SONAME bump 19 -> 20
* debian/control:
- debhelper bump 12 -> 13
- S-V bump 4.4.0 -> 4.5.0 (no changes needed)
- RRR set
* debian/tests/smoketest: path adapted
* debian/copyright: entries for unused files and licenses removed
* debian/rules: drop useless files installation
* debian/libraw20.symbols: missing and new symbols added
[ Sebastien Bacher ]
* debian/tests/build: use the correct compiler for
autopkgtest cross-testing. (Closes: #954886)
-- Matteo F. Vescovi <mfv@debian.org> Thu, 30 Jul 2020 00:09:36 +0200
# For older changelog entries, run 'apt-get changelog libraw-doc'
Generated by dwww version 1.14 on Sun Aug 17 23:45:48 CEST 2025.