tiff-3.9.4-4 fixes CVE-2010-3364
I had overlooked that bug 595064 was a security bug that fixed
CVE-2010-3364. I think perhaps a CVE number had not been assigned when
the bug was originally reported. In any case, I upgraded the bug to
grave and uploaded tiff-3.9.4-4 with a fix to it. The fix changes one
line of code, and I didn't make any other changes to the package. Since
this is a security-related fix that should be able to enter testing
through unstable, I am requesting a freeze exception. Otherwise, it can
be handled through normal security channels. I uploaded it with urgency
high and mentioned the CVE number in the changelog.
--
Jay Berkenbilt <qjb@debian.org>
Reply to: