Re: tiff-3.9.4-4 fixes CVE-2010-3364
On Sat, 2010-10-02 at 13:44 -0400, Jay Berkenbilt wrote:
> I had overlooked that bug 595064 was a security bug that fixed
> CVE-2010-3364. I think perhaps a CVE number had not been assigned when
> the bug was originally reported. In any case, I upgraded the bug to
> grave and uploaded tiff-3.9.4-4 with a fix to it. The fix changes one
> line of code, and I didn't make any other changes to the package. Since
> this is a security-related fix that should be able to enter testing
> through unstable, I am requesting a freeze exception. Otherwise, it can
> be handled through normal security channels. I uploaded it with urgency
> high and mentioned the CVE number in the changelog.
Unblocked.
Regards,
Adam
Reply to: