I've just uploaded tiff-3.9.4-5, which fixes RC bug 600188, CVE-2010-3087. The change adds a single patch. I uploaded with urgency high and am requesting a freeze exception. -- Jay Berkenbilt <qjb@debian.org>