Package: tiff
Severity: important
Tags: security

Hi,
3.8.0 seems to have introduced two regressions that have DoS potential:

| The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0
| allows remote attackers to cause a denial of service (application
| crash) via a crafted TIFF image that triggers a NULL pointer
| dereference, possibly due to changes in type declarations and/or
| the TIFFVSetField function.

http://bugzilla.remotesensing.org/show_bug.cgi?id=1029
http://bugzilla.remotesensing.org/show_bug.cgi?id=1034

oldstable and stable do not seem to be affected, can you please verify/confirm?

This is CVE-2006-0405, please mention it in the changelog when fixing it.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-2-686
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)