[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2017-9935 / tiff

Brian May <bam@debian.org> writes:

> Now to see if the patch will apply to the older tiff3, also in wheezy.


I note that the previous version of tiff3 is a security update for

However I also note that - for the tiff3 package - we don't build a
binary for tiff2pdf. The newer tiff package is used instead.

Hence I am wondering if it is worthwhile creating a fixed version of
tiff3 when the only changes will be the source?

There is the small change to the library function, however I very much
doubt this is going to have any impact without the client.

Brian May <bam@debian.org>

Reply to: