Control: tags -1 + confirmed
On Tue, 2015-06-09 at 19:53 +0200, Philip Rinn wrote:
rawtherapee is affected by the security issue CVE-2015-3885. It's
marked no-dsa
that's why I want to coordinate the update with you.
I attached the debdiff.
+rawtherapee (4.0.9-4+deb7u1) wheezy-security; urgency=high
+
+ * Add patch debian/patches/04-fix_CVE-2015-3885.patch:
+ - Fix dcraw imput sanitization errors (CVE-2015-3885)
As with the jessie update, please drop "-security" from the
distribution
and go ahead.