Hi Ben and Laszlo, I have a git mirror[1] (git cvsimport) of upstream CVS and right now it's a tad bit confusing which patches are relevant to those CVEs.
I will have more time cherry-picking the patches next week, so if somebody starts the work (even for unstable), I really won't mind. In fact it would be much appreciated. Also feel free to prepare Debian LTS update, I will share relevant patches, but we'll have to prepare security update for jessie and wheezy (+ tiff3 for wheezy), so feel free to take care about this in Debian LTS yourself. Cheers, Ondrej 1. https://github.com/oerdnj/libtiff.git On Thu, Dec 31, 2015, at 01:24, Ben Hutchings wrote: > Hello dear maintainer(s), > > the Debian LTS team would like to fix the security issues which are > currently open in the Squeeze version of tiff: > https://security-tracker.debian.org/tracker/CVE-2015-7554 > https://security-tracker.debian.org/tracker/CVE-2015-8665 > https://security-tracker.debian.org/tracker/CVE-2015-8668 > https://security-tracker.debian.org/tracker/CVE-2015-8683 > > Would you like to take care of this yourself? > > If yes, please follow the workflow we have defined here: > http://wiki.debian.org/LTS/Development > > If that workflow is a burden to you, feel free to just prepare an > updated source package and send it to debian-lts@lists.debian.org > (via a debdiff, or with an URL pointing to the source package, > or even with a pointer to your packaging repository), and the members > of the LTS team will take care of the rest. Indicate clearly whether you > have tested the updated package or not. > > If you don't want to take care of this update, it's not a problem, we > will do our best with your package. Just let us know whether you would > like to review and/or test the updated package before it gets released. > > Thank you very much. > > Ben Hutchings, > on behalf of the Debian LTS team. > > PS: A member of the LTS team might start working on this update at > any point in time. You can verify whether someone is registered > on this update in this file: > https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup > > -- > Ben Hutchings - Debian developer, member of Linux kernel and LTS teams > > > Email had 1 attachment: > + signature.asc > 1k (application/pgp-signature) -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
