2212936 – Rebase to 0.21.1 or later

This bug has been migrated to another issue tracking site. It has been closed here and may no longer be being monitored.

If you would like to get updates for this issue, or to participate in it, you may do so at Red Hat Issue Tracker .

Bug 2212936 - Rebase to 0.21.1 or later

Summary: Rebase to 0.21.1 or later

Keywords:
Status:	CLOSED MIGRATED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	LibRaw
Sub Component:
Version:	9.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Debarshi Ray
QA Contact:	Tomas Pelka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2188284 2212944
TreeView+	depends on / blocked

Reported:	2023-06-06 16:16 UTC by Debarshi Ray
Modified:	2023-07-12 10:57 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-07-12 06:03:46 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHEL-768	0	None	None	None	2023-07-12 10:57:14 UTC
Red Hat Issue Tracker	RHELPLAN-159106	0	None	None	None	2023-06-06 16:20:19 UTC

Description Debarshi Ray 2023-06-06 16:16:33 UTC

Currently, RHEL 9 has LibRaw 0.20.2, which no longer receives CVE fixes upstream and we don't have the resources to backport and test them downstream.  It will be wise to rebase to a more recent LibRaw branch (ie., 0.21.x).  It will prepare us for sufficiently important CVEs that need to be fixed in z-streams without a rebase.

Comment 1 Debarshi Ray 2023-06-06 16:23:29 UTC

It will be good to throw in the commit for CVE-2023-1729 (bug 2188284):
https://github.com/LibRaw/LibRaw/commit/477e0719ffc07190c89b4f3d12d51b1292e75828

Note You need to log in before you can comment on or make changes to this bug.