tiff and CVE-2016-10095

To: jmm@debian.org
Cc: debian-lts@lists.debian.org
Subject: tiff and CVE-2016-10095
From: Guido Günther <agx@sigxcpu.org>
Date: Fri, 2 Jun 2017 10:25:29 +0200
Message-id: <[🔎] 20170602082529.phzpszptjyvuyuqx@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, jmm@debian.org, debian-lts@lists.debian.org

Hi Moritz,
I'm trying to figure out the reasoning for @51764. This marks tiff as
affected by CVE-2016-10095. However from the upstream bug and the
changes we made in wheezy it looks like the changes we made already are
sufficient to fix the issue. Do you have a hint why you think this is
not the case?
Cheers,
 -- Guido

Reply to:

Follow-Ups:
- Re: tiff and CVE-2016-10095
  - From: Moritz Muehlenhoff <jmm@inutil.org>

Prev by Date: Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
Next by Date: Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
Previous by thread: Re: CVE-2015-9059 (Accepted picocom 1.7-1+deb7u1 (source amd64) into oldstable)
Next by thread: Re: tiff and CVE-2016-10095
Index(es):
- Date
- Thread