Bug#726874: pu: package darktable/1.0.4-1+deb7u1
Control: tags -1 + confirmed
On Sat, 2013-10-19 at 23:12 -0300, David Bremner wrote:
> I have prepared a targeted upload which closes two CVEs.
>
> These are relatively mild security bugs in the embedded copy of libraw
> (which cannot be trivially removed, alas).
>
> A debdiff is attached. I believe the risk of the update is relatively
> low, since according to darktable upstream only a few code paths
> actually use libraw. On the other hand, I did have to monkey with the
> patch a bit by hand to get it to apply, since libraw upstream provided
> a patch against a later version.
Assuming the patch has been tested on a stable system, please go ahead;
thanks.
Regards,
Adam
Reply to: