Date: Sat, 7 Apr 2012 14:45:24 +0200 From: Moritz Muehlenhoff <jmm@...ian.org> To: oss-security@...ts.openwall.com Cc: Frank Warmerdam <warmerdam@...ox.com>, zdi@...pingpoint.com, M Hjkoko <m-hjkoko@...mail.com> Subject: Re: libtiff tif_getimage.c integer overflow leading to heap overwrite when parsing certain TIFF files (ZDI-CAN-1221 / CVE-2012-1173) On Sat, Apr 07, 2012 at 03:58:45PM +0400, Solar Designer wrote: > So far, I am only aware of Mandrake having announced this via > MDVSA-2012:054 published on April 5. Some other distros appear to have > patched the issue or/and have made changelog/bug entries relating to it > public without issuing an advisory yet. Not quite, the Debian update was released on the April 4: http://lists.debian.org/debian-security-announce/2012/msg00077.html Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.