I had overlooked that bug 595064 was a security bug that fixed CVE-2010-3364. I think perhaps a CVE number had not been assigned when the bug was originally reported. In any case, I upgraded the bug to grave and uploaded tiff-3.9.4-4 with a fix to it. The fix changes one line of code, and I didn't make any other changes to the package. Since this is a security-related fix that should be able to enter testing through unstable, I am requesting a freeze exception. Otherwise, it can be handled through normal security channels. I uploaded it with urgency high and mentioned the CVE number in the changelog.
-- Jay Berkenbilt <q...@debian.org> -- To UNSUBSCRIBE, email to debian-release-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20101002134407.0289400883.qww314...@soup
