tiff-3.9.4-4 fixes CVE-2010-3364

To: debian-release@lists.debian.org
Subject: tiff-3.9.4-4 fixes CVE-2010-3364
From: Jay Berkenbilt <qjb@debian.org>
Date: Sat, 02 Oct 2010 13:44:07 -0400
Message-id: <[🔎] 20101002134407.0289400883.qww314159@soup>

I had overlooked that bug 595064 was a security bug that fixed
CVE-2010-3364.  I think perhaps a CVE number had not been assigned when
the bug was originally reported.  In any case, I upgraded the bug to
grave and uploaded tiff-3.9.4-4 with a fix to it.  The fix changes one
line of code, and I didn't make any other changes to the package.  Since
this is a security-related fix that should be able to enter testing
through unstable, I am requesting a freeze exception.  Otherwise, it can
be handled through normal security channels.  I uploaded it with urgency
high and mentioned the CVE number in the changelog.

-- 
Jay Berkenbilt <qjb@debian.org>

Reply to:

Follow-Ups:
- Re: tiff-3.9.4-4 fixes CVE-2010-3364
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

Prev by Date: Bug#598869: unblock: meta-gnome2/1:2.30+4
Next by Date: Bug#598871: unblock: nautilus/2.30.1-2
Previous by thread: Bug#598869: marked as done (unblock: meta-gnome2/1:2.30+4)
Next by thread: Re: tiff-3.9.4-4 fixes CVE-2010-3364
Index(es):
- Date
- Thread