[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Missing tiff3 patch in security repo

Hi John,

On Wed, February 18, 2015 14:51, John Goerzen wrote:
> CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page...
>   <http://security-tracker.debian.org/tracker/CVE-2013-1961>
>   - libtiff4 (remotely exploitable, high urgency)

The reason is explained when you follow this link you quote above:

[wheezy] - tiff3 <no-dsa> (the changes that [a]ffect the library are just
hardening, converting uses of sprintf to snprintf. those can be rolled
into the next tiff3 update, but a separate dsa isn't needed)


Reply to: