[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: squeeze update of tiff?



Hi Ondřej, Ben,

On Thu, Dec 31, 2015 at 10:04 AM, Ondřej Surý <ondrej@debian.org> wrote:
> I have a git mirror[1] (git cvsimport) of upstream CVS and right now
> it's a tad bit confusing which patches are relevant to those CVEs.
 I've packaged 4.0.6, fixed two CVEs and two other vulnerabilities
that don't have an id. However CVE-2015-8668 is not yet fixed by
upstream as I see.

> I will have more time cherry-picking the patches next week, so if
> somebody starts the work (even for unstable), I really won't mind. In
> fact it would be much appreciated.
 I'm going to finish my investigations tomorrow even if my employer
counts on me from 6am. Will do the upload and other fixes can come in
later as upstream commit those.

> Also feel free to prepare Debian LTS update, I will share relevant
> patches, but we'll have to prepare security update for jessie and wheezy
> (+ tiff3 for wheezy), so feel free to take care about this in Debian LTS
> yourself.
 I can do the Wheezy + Jessie updates as well. But I've accepted
Raphaël's advice not to do LTS security work so I follow Ondřej here:
you can do the Squeeze LTS update yourself.

Cheers,
Laszlo/GCS


Reply to: