On Sun, Dec 03, 2023 at 01:31:19AM +0100, gregor herrmann wrote: > On Sun, 03 Dec 2023 10:46:50 +1100, Tony Cook wrote: > > > > https://github.com/tonycoz/imager/issues/522 > > Fixed in 1.022, please let me know if you have any more problems. > > Thank you! > 1.022 builds fine in Debian unstable, so I've uploaded it.
Thanks! > > d54ea521f63ec1ed7d8c0fd11c23507600d51143 should be safe to cherry pick > > back to 1.020 if you don't want all of the 1.021 TIFF changes in > > the debian stable libimager-perl. > > Hm, Debian stable (which has 1.019) is a good question. If libtiff is > updated there too [0] we might see the same issue there. While the stable update tiff_4.5.0-6+deb12u1 has security fixes, it does not include the change for CVE-2023-6277. The security tracker mentions it as a minor issue. I also checked earlier that stable is not affected. > So I guess we don't have to do anything here, and if reality is > different than my tests, we can pull in > d54ea521f63ec1ed7d8c0fd11c23507600d51143 -- thanks for the pointer! Agreed & thanks again :) -- Niko