Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-10-07 Thread Moritz Mühlenhoff
To address CVE-2012-4777, I will be uploading 3.9.4-5+squeeze6 with the attached differences. diff -urN ../tiff-3.9.4-5+squeeze5/debian/changelog ./debian/changelog --- ../tiff-3.9.4-5+squeeze5/debian/changelog 2012-09-26 13:46:28.0 -0400 +++ ./debian/changelog2012-10-05

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-10-05 Thread Jay Berkenbilt
Lee Garrett lgarr...@programmfabrik.de wrote: Hi Jay, thanks for going through the effort of checking up on all CVEs and packaging it up. CVE-2012-2088 still affects 3.9.4-5+squeeze5 though. The only other vulnerability left is tracked in #688944, which was opened just today. Sorry...I'll

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-10-05 Thread Jay Berkenbilt
Jay Berkenbilt q...@debian.org wrote: Lee Garrett lgarr...@programmfabrik.de wrote: Hi Jay, thanks for going through the effort of checking up on all CVEs and packaging it up. CVE-2012-2088 still affects 3.9.4-5+squeeze5 though. The only other vulnerability left is tracked in #688944,

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-10-05 Thread Jay Berkenbilt
Jay Berkenbilt q...@debian.org wrote: Jay Berkenbilt q...@debian.org wrote: Lee Garrett lgarr...@programmfabrik.de wrote: Hi Jay, thanks for going through the effort of checking up on all CVEs and packaging it up. CVE-2012-2088 still affects 3.9.4-5+squeeze5 though. The only other

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-10-05 Thread Jay Berkenbilt
Please disregard my email in response to this thread on CVE-2012-4777, which is the wrong number. I have fixed it to be 2012-4447 and have discussed it in an appropriate thread with the right subject, audience, and bug number.

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-09-27 Thread Lee Garrett
Hi Jay, thanks for going through the effort of checking up on all CVEs and packaging it up. CVE-2012-2088 still affects 3.9.4-5+squeeze5 though. The only other vulnerability left is tracked in #688944, which was opened just today. --Lee

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-09-24 Thread Lee Garrett
On 09/23/2012 01:52 PM, Luciano Bello wrote: The patch looks good for me. I can write the DSA text today. Just a minor question: CVE-2010-2482 should be fixed in 3.9.4. Did I miss something? According to the sources linked to in Debian's security-tracker, all versions up to and including

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-09-23 Thread Luciano Bello
On Saturday 22 September 2012, Jay Berkenbilt wrote: Please let me know whether I should do the upload or whether you will prepare a package for stable-security based on the attached patch. The patch looks good for me. I can write the DSA text today. Just a minor question: CVE-2010-2482 should

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-09-22 Thread Jay Berkenbilt
Lee Garrett lgarr...@programmfabrik.de wrote: AFAICS stable is still affected by both CVEs. Can you confirm this? Patches are available in the Ubuntu natty version of libtiff4. Yes, I can confirm. Sorry about that. I checked against the natty package, and there are quite a few CVEs that we

Processed: Re: Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-09-14 Thread Debian Bug Tracking System
Processing commands for cont...@bugs.debian.org: unarchive 678140 Bug #678140 {Done: Jay Berkenbilt q...@debian.org} [tiff] Two tiff issues: CVE-2012-2113 / CVE-2012-2088 Unarchived Bug 678140 found 678140 3.9.4-5+squeeze4 Bug #678140 {Done: Jay Berkenbilt q...@debian.org} [tiff] Two tiff

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-09-14 Thread Lee Garrett
AFAICS stable is still affected by both CVEs. Can you confirm this? Patches are available in the Ubuntu natty version of libtiff4.

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-06-28 Thread Jay Berkenbilt
Moritz Muehlenhoff muehlenh...@univention.de wrote: Package: tiff Severity: grave Tags: security Two new tiff issues have been reported to Red Hat bugzilla, please see these bugs for details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2088

Bug#678140: Two tiff issues: CVE-2012-2113 / CVE-2012-2088

2012-06-19 Thread Moritz Muehlenhoff
Package: tiff Severity: grave Tags: security Two new tiff issues have been reported to Red Hat bugzilla, please see these bugs for details: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2088 https://bugzilla.redhat.com/show_bug.cgi?id=810551 (CVE-2012-2113) Cheers, Moritz --