
Bug#550440: advi: CVE-2009-2295 arbitrary code execution



On Sun, 11 Oct 2009 07:38:01 am Mehdi Dogguy wrote:
> Michael S Gilbert wrote:
> > Package: advi
> > Version: 1.6.0-12
> > Severity: serious
> > Tags: security
> >
> > Hi,
> >
> > The following CVE (Common Vulnerabilities & Exposures) id was
> > published for camlimages.  advi statically links to camlimages, so any
> > issues in that package are also applicable to advi.  There were already
> > updates to camlimages for etch and lenny, so advi just needs to be
> > relinked using those new versions.  Please coordinate these updates with
> > the security team.
> 
> During last July, Thijs Kinkhorst had some problems building advi
> correctly on etch because of the LaTeX bomb :)
> I've no idea how to fix that issue but, at that time, Moritz Muehlenhoff
> mentioned that the problem was fixed in oldstable-proposed and suggested
> to use it as a workaround.
> Has someone tried to build advi again on etch?
The current problem is not to rebuild advi, but that camlimages' tiffread.c seems 
to be vulnerable as well. This should be fixed first, in a follow-up DSA. 
Upstream doesn't seem reachable and the fedora guys don't seem to have time 
either. Maybe you guys want to look into it?

Cheers
Steffen

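CVE-2009-2295, named in the subject, belongs to the integer-overflow class in image decoders: the buffer for the pixel data is sized from width, height and bytes-per-pixel read out of the file, the product wraps in a 32-bit integer, and the row loop then writes past a heap buffer that is far too small. The following is an added example, not CamlImages code and not from this bug report, showing the vulnerable sizing beside a hardened one that an advi or camlimages maintainer would want to see in a decoder such as tiffread.c. The 12-byte header layout, the 1 GiB cap, the sample headers and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example of the integer-overflow class behind CVE-2009-2295.
 * Hypothetical header format: width, height, bytes-per-pixel as three
 * little-endian u32 values. Not CamlImages code. */

#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)   /* policy cap, an assumption */

/* Parse the hypothetical 12-byte header; 1 on success, 0 if too short. */
int parse_header(const uint8_t *hdr, size_t len,
                 uint32_t *w, uint32_t *h, uint32_t *bpp)
{
    if (hdr == NULL || len < 12)
        return 0;
    uint32_t v[3];
    for (int i = 0; i < 3; i++)
        v[i] = (uint32_t)hdr[4 * i] | ((uint32_t)hdr[4 * i + 1] << 8)
             | ((uint32_t)hdr[4 * i + 2] << 16) | ((uint32_t)hdr[4 * i + 3] << 24);
    *w = v[0]; *h = v[1]; *bpp = v[2];
    return 1;
}

/* Vulnerable sizing: 32-bit product, no overflow check. */
uint32_t buffer_size_unchecked(uint32_t w, uint32_t h, uint32_t bpp)
{
    return w * h * bpp;   /* wraps modulo 2^32 for crafted dimensions */
}

/* Hardened sizing: widen to 64 bits, bound every factor, refuse anything
 * above the cap. Returns 1 and sets *out on success, 0 on rejection. */
int buffer_size_checked(uint32_t w, uint32_t h, uint32_t bpp, size_t *out)
{
    if (w == 0 || h == 0 || bpp == 0 || bpp > 16)
        return 0;
    uint64_t pixels = (uint64_t)w * (uint64_t)h;   /* both < 2^32: cannot wrap */
    if (pixels > MAX_IMAGE_BYTES / bpp)            /* so pixels * bpp <= cap */
        return 0;
    *out = (size_t)(pixels * bpp);
    return 1;
}

/* 1 iff the unchecked sizer allocates fewer bytes than the row loop writes,
 * i.e. the precondition for the heap overflow. */
int sizing_wraps(uint32_t w, uint32_t h, uint32_t bpp)
{
    uint64_t pixels = (uint64_t)w * h;
    if (bpp != 0 && pixels > UINT64_MAX / bpp)
        return 1;                                   /* wraps even in 64 bits */
    uint64_t real = pixels * bpp;
    return (uint64_t)buffer_size_unchecked(w, h, bpp) < real;
}

/* Decoder front end using the hardened sizer. Returns a zero-filled buffer
 * of exactly the pixel bytes (caller frees), or NULL if the header is
 * rejected. With buffer_size_unchecked() in its place, the row loop below
 * is the out-of-bounds write. */
uint8_t *decode_image(const uint8_t *hdr, size_t hdr_len, size_t *out_len)
{
    uint32_t w, h, bpp;
    size_t n;
    if (!parse_header(hdr, hdr_len, &w, &h, &bpp))
        return NULL;
    if (!buffer_size_checked(w, h, bpp, &n))
        return NULL;                                /* crafted sizes stop here */
    uint8_t *buf = malloc(n);
    if (buf == NULL)
        return NULL;
    size_t row = (size_t)w * bpp;                   /* fits: n was validated */
    for (uint32_t y = 0; y < h; y++)
        memset(buf + (size_t)y * row, 0, row);
    *out_len = n;
    return buf;
}

/* Constructed sample headers, not real image files. */
static const uint8_t SANE_HDR[12] =
    {0x80, 0x02, 0, 0, 0xE0, 0x01, 0, 0, 3, 0, 0, 0};           /* 640 x 480 x 3 */
static const uint8_t CRAFTED_HDR[12] =
    {0x00, 0x00, 0x01, 0, 0x01, 0x00, 0x01, 0, 1, 0, 0, 0};     /* 65536 x 65537 x 1 */

int main(void)
{
    size_t n = 0;
    uint8_t *img = decode_image(SANE_HDR, sizeof SANE_HDR, &n);
    printf("sane header: %s, %zu bytes\n", img ? "accepted" : "rejected", n);
    free(img);
    img = decode_image(CRAFTED_HDR, sizeof CRAFTED_HDR, &n);
    printf("crafted header: %s; unchecked sizer would malloc(%u) for a %d-row write\n",
           img ? "accepted" : "rejected",
           buffer_size_unchecked(65536u, 65537u, 1), sizing_wraps(65536u, 65537u, 1));
    free(img);
    return 0;
}
```

The crafted header is the shape of input the DSA text describes: 65536 x 65537 x 1 multiplies to 2^32 + 2^16, which a 32-bit sizer truncates to 65536 bytes while the row loop goes on to write over four gigabytes. The fix is not clamping the product after the fact but bounding the factors before multiplying in a wider type, which is what buffer_size_checked() does.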

