Re: claiming tiff

[Emilio Pozuelo Monfort]

On 26/06/16 16:10, Bálint Réczey wrote:
> Added that information in dla-needed.txt.

Thanks. I added links to each cve in data/CVE/list but forgot to add a note to
dla-needed.

> In that case I don't claim them yet. Let's see how upstream responds.

OK.

Cheers,
Emilio

Re: claiming tiff

[Bálint Réczey]

Hi Emilio,

2016-06-26 9:58 GMT+02:00 Emilio Pozuelo Monfort :
> On 26/06/16 02:19, Bálint Réczey wrote:
>> Hi,
>>
>> There are newly discovered vulnerabilities in tiff [1].
>>
>> I no one objects I plan looking into them and working with the
>> maintainer(s) to get them fixed in Wheezy LTS and in newer
>> releases.
>
> I looked at this yesterday. These CVEs aren't fixed upstream yet. I forwarded
> all the new CVEs (and some old ones) to upstream yesterday, so hopefully that
> will change.

Added that information in dla-needed.txt.
In that case I don't claim them yet. Let's see how upstream responds.

Thanks!

Cheers,
Balint

Re: claiming tiff

[Emilio Pozuelo Monfort]

On 26/06/16 02:19, Bálint Réczey wrote:
> Hi,
> 
> There are newly discovered vulnerabilities in tiff [1].
> 
> I no one objects I plan looking into them and working with the
> maintainer(s) to get them fixed in Wheezy LTS and in newer
> releases.

I looked at this yesterday. These CVEs aren't fixed upstream yet. I forwarded
all the new CVEs (and some old ones) to upstream yesterday, so hopefully that
will change.

Cheers,
Emilio