Bug#726874: pu: package darktable/1.0.4-1+deb7u1
Control: tags -1 + pending
On Sun, 2013-10-20 at 21:51 +0100, Adam D. Barratt wrote:
> On Sat, 2013-10-19 at 23:12 -0300, David Bremner wrote:
> > I have prepared a targeted upload which closes two CVEs.
> >
> > These are relatively mild security bugs in the embedded copy of libraw
> > (which cannot be trivially removed, alas).
> >
> > A debdiff is attached. I believe the risk of the update is relatively
> > low, since according to darktable upstream only a few code paths
> > actually use libraw. On the other hand, I did have to monkey with the
> > patch a bit by hand to get it to apply, since libraw upstream provided
> > a patch against a later version.
>
> Assuming the patch has been tested on a stable system, please go ahead;
> thanks.
For the record, the upload occurred and I've just flagged the package
for acceptance; thanks.
Regards,
Adam
Reply to: