On Sat, 02 Dec 2023 14:24:01 +0200, Niko Tyni wrote: > It regressed with tiff_4.5.1+git230720-2 which is currently blocked from > migrating to trixie because libimager-perl autopkgtests are failing too. > > Changes: > tiff (4.5.1+git230720-2) unstable; urgency=high > . > * Backport security fix for CVE-2023-6277, passing a crafted tiff file to > TIFFOpen() API may allow a remote attacker to cause a denial of service > (closes: #1056751). > > I see libimager-perl upstream has released 1.021 with some tiff related > changes. I haven't checked if those fix the issue, or whether libtiff > is actually broken. Feel free to reassign as needed.
I've imported 1.021 into our git repo yesterday, and there it fails the same way (I hadn't nticed that 1.020 in sid also fails …) So -- is this a bug in Imager or in tiff? Cheers, gregor -- .''`. https://info.comodo.priv.at -- Debian Developer https://www.debian.org : :' : OpenPGP fingerprint D1E1 316E 93A7 60A8 104D 85FA BB3A 6801 8649 AA06 `. `' Member VIBE!AT & SPI Inc. -- Supporter Free Software Foundation Europe `-
signature.asc
Description: Digital Signature
