Hi Salvatore, On Sun, Nov 13, 2016 at 5:07 PM, Salvatore Bonaccorso <[email protected]> wrote: > Source: tiff > Version: 4.0.6-3 > Severity: normal > Tags: security upstream patch > Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2590 [...] > There is a potential read out-of-bounds read in _TIFFPrintField() as > described via http://bugzilla.maptools.org/show_bug.cgi?id=2590 : [...] > I was not able to easily follow the reproducer in on my testsetup, > though from looking at the source it looks present as per 4.0.6-3 > Debian source package. Never mind, I don't plan to backport fixes for recent vulnerabilities of TIFF - upstream noted that 4.0.7 is going to be released _soon_. I hope one or two days and I'll package that version ASAP.
Regards, Laszlo/GCS

