Hi Salvatore, you are right. I thought this patch has been already merged into upstream git, but it looks like it hasn't. I will upload fixed version to unstable shortly.
Cheers, -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server Knot Resolver (https://www.knot-resolver.cz/) – secure, privacy-aware, fast DNS(SEC) resolver On Mon, Oct 31, 2016, at 14:16, Salvatore Bonaccorso wrote: > Control: reopen -1 > > Hi Ondřej, > > While updating the security-tracker information I noticed: > > On Mon, Oct 31, 2016 at 10:21:15AM +0000, Debian Bug Tracking System > wrote: > [...] > > + [CVE-2016-6911]: invalid read in gdImageCreateFromTiffPtr() > [...] > > For the recently uploaded Version 2.2.3-87-gd0fec80-1. But comparing > this with the patch applied in jessie-security, named > 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch > > Is this patch missing for the unstable upload? > > I'm reopening the bug just to be on the safe side, but happy to be > corrected if I'm wrong! > > Regards, > Salvatore > > -- > pkg-GD-devel mailing list > pkg-gd-de...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-gd-devel
