Michael Gilbert <mgilb...@debian.org> wrote:

> package: src:tiff3
> severity: grave
> version: 3.9.6-11
> tag: security
>
> The tiff package has had multiple security issues recently. tiff3,
> being an old version, is also affected by a subset of them, of which I
> haven't fully checked yet:
> https://security-tracker.debian.org/tracker/source-package/tiff
>
> It is however clear that tiff3 is affected by at least CVE-2013-1960
> and CVE-2013-1961, but probably a whole lot more:
> http://bugs.debian.org/706674
> http://bugs.debian.org/706675
>
> Please review and help make the situation in unstable better. We will
> also need to issue a dsa for wheezy.

I'll see about backporting these if I can. I'm looking at the security tracker for both packages. I have often been able to backport issues myself, and I have also sometimes mooched off of Red Hat or Ubuntu security teams' backporting of patches.

What we really need to do is to get tiff3 out of the archive entirely, but I'm blocked by higher priority transitions.

--
Jay Berkenbilt <q...@debian.org>