On Thu, May 18, 2017 at 09:09:11PM +0200, Salvatore Bonaccorso wrote: > Hi, > > On Thu, May 18, 2017 at 08:12:50PM +0200, László Böszörményi (GCS) wrote: > > Hi Moritz, > > > > On Thu, May 18, 2017 at 7:36 PM, Moritz Muehlenhoff <j...@debian.org> wrote: > > > On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote: > > >> Source: tiff > > >> Version: 4.0.5-1 > > >> Severity: important > > >> Tags: security upstream > > >> > > >> the following vulnerability was published for tiff. > > >> > > >> CVE-2015-7554[0]: > > >> invalid write > > > > > > I'm attaching the patch used by Red Hat for RHEL. It doesn't > > > seem to have been sent upstream, but seems sane. > > I miss the patch, did you attach it? > > This one should basically correspond:
Ack that's the correct patch, sorry. Cheers, Moritz