On Sat, 2012-07-21 at 20:57 -0400, Jay Berkenbilt wrote: > Marc Deslauriers <marc.deslauri...@ubuntu.com> wrote: > > > *** /tmp/tmpgGHwFf/bug_body > > In Ubuntu, the attached patch was applied to achieve the following: > > > > * SECURITY UPDATE: possible arbitrary code execution via heap overflow > > in tiff2pdf. > > - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in > > tools/tiff2pdf.c. > > - CVE-2012-3401 > > > > > > Thanks for considering the patch. > > I will try to get this patch in this weekend. Thanks. Note that > tiff2pdf from the tiff3 package is not actually installed (it comes from > the tiff package, which is 4.x), but I'll still apply the patch to avoid > confusion. I'll certainly apply the patch to the tiff package. >
Yeah, I skipped the tiff3 package in Quantal too for the same reason. Marc. -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
