Date: Sat, 7 Apr 2012 14:45:24 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Cc: Frank Warmerdam <warmerdam@...ox.com>, zdi@...pingpoint.com,
	M Hjkoko <m-hjkoko@...mail.com>
Subject: Re: libtiff tif_getimage.c integer overflow leading
 to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 /
 CVE-2012-1173)

On Sat, Apr 07, 2012 at 03:58:45PM +0400, Solar Designer wrote:

> So far, I am only aware of Mandrake having announced this via
> MDVSA-2012:054 published on April 5.  Some other distros appear to have
> patched the issue or/and have made changelog/bug entries relating to it
> public without issuing an advisory yet.

Not quite, the Debian update was released on April 4:
http://lists.debian.org/debian-security-announce/2012/msg00077.html

Cheers,
        Moritz
