Re: CVE-2017-9935 / tiff
Brian May <bam@debian.org> writes:
> Now to see if the patch will apply to the older tiff3, also in wheezy.
Done.
I note that the previous version of tiff3 is a security update for
tiff2pdf.
However I also note that - for the tiff3 package - we don't build a
binary for tiff2pdf. The newer tiff package is used instead.
Hence I am wondering if it is worthwhile creating a fixed version of
tiff3 when the only changes will be the source?
There is the small change to the library function, however I very much
doubt this is going to have any impact without the client.
Regards
--
Brian May <bam@debian.org>
Reply to: