libraw (0.15.4-1ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Multiple memory management issues
    - debian/patches/CVE-2018-5807_5810.patch: out-of-bounds read and NULL
      pointer dereference in dcraw/dcraw.c and internal/dcraw_common.cpp
    - CVE-2018-5807
    - CVE-2018-5810
  * SECURITY UPDATE: Infinite loop
    - debian/patches/CVE-2018-5813.patch: infinite loop in dcraw/dcraw.c
      and internal/dcraw_common.cpp
    - CVE-2018-5813

 -- Alex Murray <alex.murray@canonical.com>  Wed, 05 Dec 2018 13:54:32 +1030

libraw (0.15.4-1ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer overflow in panasonic_load_raw
    - debian/patches/CVE-2017-16909.patch: add more bounds checking to
      dcraw/dcraw.c, internal/dcraw_common.cpp, libraw/libraw_const.h.
    - CVE-2017-16909
  * SECURITY UPDATE: invalid read in xtrans_interpolate
    - debian/patches/CVE-2017-16910.patch: add checks and proper
      initialization to dcraw/dcraw.c.
    - CVE-2017-16910
  * SECURITY UPDATE: multiple security issues
    - debian/patches/CVE-2018-580x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp, src/libraw_cxx.cpp.
    - CVE-2018-5800
    - CVE-2018-5801
    - CVE-2018-5802
  * SECURITY UPDATE: image size and alloc issues
    - debian/patches/security_0.18.8_1.patch: add more checks to
      dcraw/dcraw.c, internal/dcraw_common.cpp, libraw/libraw_const.h,
      src/libraw_cxx.cpp.
    - No CVE number
  * SECURITY UPDATE: Secunia #81000 security issues
    - debian/patches/security_0.18.8_2.patch: add more checks to
      dcraw/dcraw.c, internal/dcraw_common.cpp.
    - No CVE number

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 30 Mar 2018 10:11:50 -0400

libraw (0.15.4-1ubuntu0.1) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in ljpeg_start
    - debian/patches/CVE-2015-3885.patch: use ushort in dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2015-3885
  * SECURITY UPDATE: index overflow and lack of initialization
    - debian/patches/CVE-2015-836x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp, add proper initialization to
      src/libraw_cxx.cpp.
    - CVE-2015-8366
    - CVE-2015-8367
  * SECURITY UPDATE: memory corruption in parse_tiff_ifd
    - debian/patches/CVE-2017-688x.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-6886
    - CVE-2017-6887
  * SECURITY UPDATE: floating point exception in kodak_radc_load_raw
    - debian/patches/CVE-2017-13735.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-13735
  * SECURITY UPDATE: buffer overflow in xtrans_interpolate
    - debian/patches/CVE-2017-14265.patch: add checks to dcraw/dcraw.c.
    - CVE-2017-14265
  * SECURITY UPDATE: out of bounds read in kodak_65000_load_raw
    - debian/patches/CVE-2017-14608.patch: add checks to dcraw/dcraw.c,
      internal/dcraw_common.cpp.
    - CVE-2017-14608

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 16 Nov 2017 14:15:58 -0500

libraw (0.15.4-1) unstable; urgency=low

  * Team upload.
  * New upstream release.
    - Fix for CVE-2013-1438 (Closes: #721231).
    - Fix for CVE-2013-1439 (Closes: #721338).
    - Fix segmentaition fault when unprocessed_raw is passed -s option
      wihout any parameter (Closes: #716423).
  * debian/patches/4channels_parameter.patch:
    - Dropped, applied upstream.
  * debian/patches/typo.patch:
    - Dropped, applied upstream.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 05 Oct 2013 17:53:47 +0200

libraw (0.15.3-1) unstable; urgency=low

  * Team upload to unstable.
  * New upstream release (Closes: #710353).
    - Fix error handling for broken full-color images - CVE-2013-2126.
    - Fix wrong data_maximum calcluation - CVE-2013-2127.
  * debian/patches/4channels_parameter.patch:
    - Fix segmentaition fault when 4channel is passed -s option without
       any parameter (Closes: #715577).

 -- Luca Falavigna <dktrkranz@debian.org>  Wed, 10 Jul 2013 21:20:09 +0200

libraw (0.15.1-1) experimental; urgency=low

  * Team upload.
  * New upstream release.
  * debian/patches/typo.patch:
    - Fix typo in help output.
  * debian/control:
    - Build-depend on dh-autoreconf.
    - Build-depend on libjpeg8-dev | libjpeg-dev.
    - Replace libraw5 with libraw9, SONAME changed.
    - libraw-dev depends on libraw9 accordingly.
  * debian/copyright:
    - Update copyright years.
  * debian/libraw9.install:
    - Renamed from libraw5.install to match new binary.
  * debian/libraw9.symbols.amd64:
    - Renamed from libraw9.symbols.amd64 to match new binary.
  * debian/rules:
    - Build with autoreconf support.
    - Build with DNG support (Closes: #699356).
    - Pass "-Wl,-z,defs -Wl,--as-needed" to LDFLAGS.
    - Update dh_makeshlibs call to match new binary.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 25 May 2013 02:50:14 +0200

libraw (0.14.7-2) unstable; urgency=low

  * Team upload.
  * Upload to unstable.
  * debian/control:
    - Remove deprecated DM-Upload-Allowed field.
    - Bump Standards-Version to 3.9.4.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 12 May 2013 20:47:35 +0200

libraw (0.14.7-1) experimental; urgency=low

  * Team upload.
  * New upstream release (Closes: #682982).
  * debian/control:
    - Add DM-Upload-Allowed field.
  * debian/watch:
    - Use new redirector librawredir.debian.net.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 25 Aug 2012 13:35:59 +0200

libraw (0.14.6-2) unstable; urgency=low

  * Team upload.
  * debian/control:
    - Add liblcms2-dev to libraw-dev Depends field.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 27 May 2012 12:16:53 +0200

libraw (0.14.6-1) unstable; urgency=low

  * Team upload to unstable.
  * New upstream release.
  * Multi-arch support.
  * debian/compat:
    - Bump compatibility level to 9.
  * debian/control:
    - Bump Standards-Version to 3.9.3.
  * debian/copyright:
    - Update copyright years.
    - Format now points to copyright-format site.
  * debian/libraw5.symbols.amd64:
    - Refresh symbols file.
  * debian/rules:
    - Bump minimum version in dh_makeshlibs to 0.14.6.

 -- Luca Falavigna <dktrkranz@debian.org>  Sun, 06 May 2012 17:59:10 +0200

libraw (0.14.0-1) experimental; urgency=low

  * Team upload.
  * New upstream release.
  * debian/control:
    - Replace libraw2 with libraw5, SONAME changed.
    - libraw-dev depends on libraw5 accordingly.
    - Build-depend on pkg-config, libjasper-dev and liblcms2-dev.
  * debian/libraw5.install:
    - Renamed from libraw2.install to match new binary.
  * debian/libraw5.symbols.amd64:
    - Renamed from libraw2.symbols.amd64 to match new binary.
  * debian/rules:
    - Update dh_makeshlibs call to match new binary.

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 24 Sep 2011 15:32:39 +0200

libraw (0.13.8-1) unstable; urgency=low

  * Team upload.
  * New upstream release.
  * debian/control:
    - Add Debian Shotwell Maintainers to Maintainers.
    - Move Devid to Uploaders.
    - Add autotools-dev to Build-Depends.
    - Add libraw2 package, who provides the shared library.
    - Add libraw2-bin package, who provides some tools to
      manipulate RAW files.
    - Bump Standards-Version to 3.9.2, no changes required.
  * debian/copyright:
    - Update copyright information.
  * debian/rules:
    - Build with autotools_dev to regenerate config.{sub,guess}.
    - Manually set prefix to install shared library correctly.
  * debian/watch:
    - Upstream disabled listing support, watch file is no-op now.

 -- Luca Falavigna <dktrkranz@debian.org>  Mon, 22 Aug 2011 20:45:22 +0200

libraw (0.13.1-2) unstable; urgency=low

  * Set myself as maintainer (Closes: #613870).
  * debian/control: add Timo Witte to Uploaders field.
  * debian/install: install *.pc files in /usr/lib/pkgconfig (Closes: #613777).

 -- Devid Antonio Filoni <d.filoni@ubuntu.com>  Fri, 04 Mar 2011 20:48:20 +0100

libraw (0.13.1-1) unstable; urgency=low

  * New upstream release (Closes: #607139).
  * debian/control:
    - Bump Standards-Version to 3.9.1, no changes required.
  * debian/copyright:
    - Update copyright years.

 -- Luca Falavigna <dktrkranz@debian.org>  Tue, 08 Feb 2011 22:53:51 +0100

libraw (0.9.1-1) unstable; urgency=low

  * Initial release (Closes: #578830).

 -- Luca Falavigna <dktrkranz@debian.org>  Sat, 12 Jun 2010 10:09:37 +0200
