Re: Missing tiff3 patch in security repo

On Wed, February 18, 2015 18:50, John Goerzen wrote: > On 02/18/2015 08:53 AM, Thijs Kinkhorst wrote: >> Hi John, >> >> On Wed, February 18, 2015 14:51, John Goerzen wrote: >>> CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page... >>>

Re: Missing tiff3 patch in security repo

On Wed, Feb 18, 2015 at 12:50 PM, John Goerzen wrote: >> [wheezy] - tiff3 (the changes that [a]ffect the library are just >> hardening, converting uses of sprintf to snprintf. those can be rolled >> into the next tiff3 update, but a separate dsa isn't needed) >> >> > I saw that too, though the bug

Re: Missing tiff3 patch in security repo

On 02/18/2015 08:53 AM, Thijs Kinkhorst wrote: > Hi John, > > On Wed, February 18, 2015 14:51, John Goerzen wrote: >> CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page... >> >> - libtiff4 (remotely exploitable, high ur

Re: Missing tiff3 patch in security repo

Hi John, On Wed, February 18, 2015 14:51, John Goerzen wrote: > CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page... > > - libtiff4 (remotely exploitable, high urgency) The reason is explained when you follow this li

Missing tiff3 patch in security repo

Hi folks, I've been going through the output of debsecan on my systems (more on that later). For the moment, I have discovered something odd regarding a tiff advisory. Debsecan noted this on my wheezy machine: CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page...