Source: tiff
Version: 4.2.0-1+deb11u1
Severity: important
Tags: upstream
X-Debbugs-Cc: [email protected]

Dear Maintainer,

On https://security-tracker.debian.org/tracker/CVE-2022-3970 it is mentioned that tiff is prone to critical, remotely attackable CVE-2022-3970. Versions 4.1.0 (buster) and 4.2.0 are marked as vulnerable.

Shouldn't this require backporting the fix, if applicable? If the bug does not affect these old versions, could you please change the tracker entries accordingly?

Thanks for your work!

Best regards
Michael

-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable'), (100, 'bullseye-fasttrack'), (100, 'bullseye-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-20-amd64 (SMP w/6 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

