severity 352849 serious thanks
Steve Langasek <[EMAIL PROTECTED]> wrote: >> If you think I should leave the bug RC pending a reliable way to >> reproduce the problem in sid, please upgrade. Note also that the >> current sid version contains a security fix that is not in etch, but >> as far as I know, the etch version does not contain the bug. > > Well, I'm really just wondering if there's any way that this bug could be > tripped by a program that could happen to be a MIME type handler by feeding > it a specially-crafted image, leading to arbitrary code execution. It > sounds like there's not enough information available to answer that yet > simply because the segfault isn't reproducible, so please just keep this > possibility in mind while investigating. I've bumped this back up to serious since tiff would transition today with the RC bug cleared. If I determine that there is a security hole here, I'll close the bug by uploading a new version, and we'll just restart the clock. Otherwise, I'll downgrade the bug, wait for 3.8.0-2 to transition, and then upload. I can't see any reason at this stage to rush 3.8.0-2 into etch while this issue is not fully understood. Thanks for your comments. --Jay -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
