Hi John, On Wed, February 18, 2015 14:51, John Goerzen wrote: > CVE-2013-1961 Stack-based buffer overflow in the t2p_write_pdf_page... > <http://security-tracker.debian.org/tracker/CVE-2013-1961> > - libtiff4 (remotely exploitable, high urgency)
The reason is explained when you follow this link you quote above: [wheezy] - tiff3 <no-dsa> (the changes that [a]ffect the library are just hardening, converting uses of sprintf to snprintf. those can be rolled into the next tiff3 update, but a separate dsa isn't needed) Cheers, Thijs -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
