Package: libtiff4
Version: 3.7.2-3sarge1
Severity: grave
Tags: security
Justification: user security hole



As far as I could see, this is not fixed in sarge:

Name: CVE-2006-2120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2120
http://bugzilla.remotesensing.org/show_bug.cgi?id=1065

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers
to cause a denial of service (crash) via a crafted TIFF image with
Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an
out-of-bounds read.


The function name is actually TIFFXYZToRGB. I am sorry that I am too
late for DSA 1054.

Cheers,
Stefan
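
Added example, not part of the original report and not libtiff's code: a simplified model of how a luminance value above the calibrated maximum (Yr above YCR, for instance) becomes an out-of-range table index, next to a lookup that clamps both ends. The struct, function names, table size and calibration values are hypothetical and constructed for illustration.

```c
#include <stdio.h>

#define TABLE_RANGE 1500   /* hypothetical: highest valid table index */

/* Constructed model of one colour channel: luminance in [y0, ycmax] is
 * mapped through a fixed-size table. Not libtiff's data structure. */
typedef struct {
    float y0, ycmax, step;
    float table[TABLE_RANGE + 1];
} channel_lut;

void lut_init(channel_lut *c, float y0, float ycmax) {
    c->y0 = y0;
    c->ycmax = ycmax;
    c->step = (ycmax - y0) / TABLE_RANGE;
    for (int i = 0; i <= TABLE_RANGE; i++)
        c->table[i] = 255.0f * i / TABLE_RANGE;
}

/* Index as computed when only the lower bound is enforced. Returned, not
 * dereferenced, so the out-of-range value can be inspected safely. */
long lut_index_unchecked(const channel_lut *c, float y) {
    if (y < c->y0) y = c->y0;
    return (long)((y - c->y0) / c->step);
}

/* Hardened lookup: reject NaN and bad calibration, clamp both ends. */
int lut_lookup_clamped(const channel_lut *c, float y, unsigned char *out) {
    if (y != y || !(c->step > 0.0f)) return -1;
    if (y < c->y0) y = c->y0;
    if (y > c->ycmax) y = c->ycmax;
    long i = (long)((y - c->y0) / c->step);
    if (i > TABLE_RANGE) i = TABLE_RANGE;   /* absorb float rounding */
    *out = (unsigned char)(c->table[i] + 0.5f);
    return 0;
}

int main(void) {
    static channel_lut c;
    unsigned char v = 0;
    lut_init(&c, 0.0f, 100.0f);          /* constructed calibration */
    printf("unchecked index for Y=250: %ld (max valid %d)\n",
           lut_index_unchecked(&c, 250.0f), TABLE_RANGE);
    if (lut_lookup_clamped(&c, 250.0f, &v) == 0)
        printf("clamped lookup for Y=250: %u\n", v);
    return 0;
}
```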

