Hi Salvatore,

On Sun, Nov 13, 2016 at 5:07 PM, Salvatore Bonaccorso <[email protected]> wrote:
> Source: tiff
> Version: 4.0.6-3
> Severity: normal
> Tags: security upstream patch
> Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2590
[...]
> There is a potential read out-of-bounds read in _TIFFPrintField() as
> described via http://bugzilla.maptools.org/show_bug.cgi?id=2590 :
[...]
> I was not able to easily follow the reproducer in on my testsetup,
> though from looking at the source it looks present as per 4.0.6-3
> Debian source package.
 Never mind, I don't plan to backport fixes for recent vulnerabilities
of TIFF - upstream noted that 4.0.7 is going to be released _soon_. I
hope one or two days and I'll package that version ASAP.

Regards,
Laszlo/GCS

Reply via email to