package/libraw: security bump to version 0.21.4
Fixes the following security issues:
- CVE-2025-43961: metadata/tiff.cpp has an out-of-bounds read in the
Fujifilm 0xf00c tag parser.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-43961
- 66fe663e02
- CVE-2025-43962: phase_one_correct in decoders/load_mfbacks.cpp has
out-of-bounds reads for tag 0x412 processing
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-43962
- 66fe663e02
- CVE-2025-43963: phase_one_correct in decoders/load_mfbacks.cpp allows
out-of-buffer access
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-43963
- be26e7639e
- CVE-2025-43964: tag 0x412 processing in phase_one_correct in
decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values.
For more information, see:
- https://nvd.nist.gov/vuln/detail/CVE-2025-43964
- a50dc3f112
For more details on the version bump, see the release notes:
- https://github.com/LibRaw/LibRaw/releases/tag/0.21.4
- https://github.com/LibRaw/LibRaw/releases/tag/0.21.3
- https://github.com/LibRaw/LibRaw/compare/0.21.2...0.21.4
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
a4249a2024