Hi Jay! Jay Berkenbilt [2005-05-19 5:30 -0400]: > Thanks. Debian Debian security: I am leaving today for vacation and > will be completely unreachable for at least a day or two. I should be > able to deal with the current version today before I leave, so no NMU > should be necessary for the version in sid/sarge. I don't have a way > right now to deal with the version in woody, so I'd have to request > that the security team take care of it as they have done in the past. > I won't have time to deal with it today before I leave, I'm afraid.
libtiff4 isn't even in woody. I didn't check whether this flaw affects woody's TIFF library, though. > Um, sid already has the latest upstream version, so I'm not sure what > you mean, unless 3.7.3 is about to be released. Oh, I faintly remember having read something about a new version, but I didn't check. > I follow the upstream mailing list though and I haven't heard about > it. In this case you should apply the patch to unstable and upload with high urgency so that the version can be pushed into Sarge, I suppose. > Breezy also has the 3.7.2-2ubuntu1 which differs from the debian > version only in that it has already undergone the C++ ABI transition > (for libtiffxx0). Yeah, since yesterday. > Martin, will you take care of applying this patch to the Breezy > version? Yes, of course. :-) It currently doesn't build because of a library of our new X.org, but that's an entirely different problem. I already ported the patch itself. Martin -- Martin Pitt http://www.piware.de Ubuntu Developer http://www.ubuntulinux.org Debian Developer http://www.debian.org
signature.asc
Description: Digital signature