|
|
Subscribe / Log in / New account

Fedora alert FEDORA-2025-e7dea91428 (mingw-LibRaw)



From:
              updates--- via package-announce <package-announce@lists.fedoraproject.org>


To:
              package-announce@lists.fedoraproject.org


Subject:
              [SECURITY] Fedora 41 Update: mingw-LibRaw-0.21.4-1.fc41


Date:
              Wed, 30 Apr 2025 01:38:47 +0000


Message-ID:
              <20250430013847.E3D8B203D388@bastion01.iad2.fedoraproject.org>


Archive-link:
              Article


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-e7dea91428
2025-04-30 01:36:38.945390+00:00
--------------------------------------------------------------------------------

Name        : mingw-LibRaw
Product     : Fedora 41
Version     : 0.21.4
Release     : 1.fc41
URL         : http://www.libraw.org
Summary     : Library for reading RAW files obtained from digital photo cameras
Description :
MinGW Windows LibRaw library.

--------------------------------------------------------------------------------
Update Information:

Update to LibRaw 0.21.4.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 16 2025 Sandro Mani <manisandro@gmail.com> - 0.21.4-1
- Update to 0.21.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2361338 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361338
  [ 2 ] Bug #2361343 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361343
  [ 3 ] Bug #2361348 - CVE-2025-43963 mingw-LibRaw: out-of-buffer access [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361348
  [ 4 ] Bug #2361356 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in
Input in LibRaw [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361356
  [ 5 ] Bug #2361361 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in
Input in LibRaw [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361361
  [ 6 ] Bug #2361366 - CVE-2025-43964 mingw-LibRaw: Improper Validation of Specified Quantity in
Input in LibRaw [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361366
  [ 7 ] Bug #2361374 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's
phase_one_correct Function [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361374
  [ 8 ] Bug #2361379 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's
phase_one_correct Function [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361379
  [ 9 ] Bug #2361384 - CVE-2025-43962 mingw-LibRaw: Out-of-Bounds Read in LibRaw's
phase_one_correct Function [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361384
  [ 10 ] Bug #2361401 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag
Parser in LibRaw [fedora-40]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361401
  [ 11 ] Bug #2361406 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag
Parser in LibRaw [fedora-41]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361406
  [ 12 ] Bug #2361411 - CVE-2025-43961 mingw-LibRaw: Out-of-Bounds Read in Fujifilm 0xf00c Tag
Parser in LibRaw [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2361411
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-e7dea91428' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds