Package: libtiff4
Version: 3.7.2-2
Severity: critical
Tags: security

Hi!

Libtiff is vulnerable to another exploitable segfault, see

  http://bugzilla.remotesensing.org/show_bug.cgi?id=843

for details. However, please don't take the patch attached to that bug report, it's incomplete. Upstream CVS has the complete patch, you can also grab it from

  http://bugs.gentoo.org/attachment.cgi?id=58276

For Sid you should probably just package the new upstream version, but for Sarge the patch is fine (I already ported it to 3.6.1 for Ubuntu's releases and tested it).

Thanks,

Martin

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org