On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote: > Source: tiff > Version: 4.0.5-1 > Severity: important > Tags: security upstream > > Hi, > > the following vulnerability was published for tiff. > > CVE-2015-7554[0]: > invalid write
I'm attaching the patch used by Red Hat for RHEL. It doesn't seem to have been sent upstream, but seems sane. Cheers, Moritz