Hi all, On Sun, Dec 03, 2023 at 03:05:09PM +0200, Niko Tyni wrote: > On Sun, Dec 03, 2023 at 01:31:19AM +0100, gregor herrmann wrote: > > On Sun, 03 Dec 2023 10:46:50 +1100, Tony Cook wrote: > > > > > > https://github.com/tonycoz/imager/issues/522 > > > Fixed in 1.022, please let me know if you have any more problems. > > > > Thank you! > > 1.022 builds fine in Debian unstable, so I've uploaded it. > > Thanks! > > > > d54ea521f63ec1ed7d8c0fd11c23507600d51143 should be safe to cherry pick > > > back to 1.020 if you don't want all of the 1.021 TIFF changes in > > > the debian stable libimager-perl. > > > > Hm, Debian stable (which has 1.019) is a good question. If libtiff is > > updated there too [0] we might see the same issue there. > > While the stable update tiff_4.5.0-6+deb12u1 has security fixes, it does > not include the change for CVE-2023-6277. The security tracker mentions > it as a minor issue. I also checked earlier that stable is not affected.
But would mean once we will pick CVE-2023-6277 libimager-perl in bookworm or bullseye will break, correct? I have expanded the note on the security-tracker relating to the issue. Regards, Salvatore