I applied the fix for this CVE. Patch attached.
However, then I found out I can't reproduce the bug under Debian/Jessie,
with or without the security update.
Version 4.0.3-12.3+deb8u7 in Jessie+security:
(jessie-i386-default)root@silverfish:/home/brian/tree/debian/lts/packages/tiff/tiff-4.0.3#
On 07/11/2018 18:48, Emilio Pozuelo Monfort wrote:
> Package: libdatetime-timezone-perl
> Version: 1:1.75-2+2018g
>
> This update includes the changes in tzdata 2018g for the
> Perl bindings. For the list of changes, see DLA-1363-1.
DLA-1363-1 is about ghostscript. The correct one
El 07/11/18 a las 16:59, Brian May escribió:
> I see libdatetime-timezone-perl is in dla-needed.txt, but I can't see
> *any* security vulnerabilies in
> https://security-tracker.debian.org/tracker/source-package/libdatetime-timezone-perl
I included it to dla-needed. It doesn't have any known secur
On Wed, Nov 07, 2018 at 04:59:05PM +1100, Brian May wrote:
> I see libdatetime-timezone-perl is in dla-needed.txt, but I can't see
> *any* security vulnerabilies in
> https://security-tracker.debian.org/tracker/source-package/libdatetime-timezone-perl
There's no security issue in libdatetime-timez
Hi Brian,
> I see libdatetime-timezone-perl is in dla-needed.txt, but I can't see
> *any* security vulnerabilies in
> https://security-tracker.debian.org/tracker/source-package/libdatetime-timezone-perl
I believe it was added by Santiago in:
https://salsa.debian.org/security-tracker-team/secu