
Bug#1028383: tiff: Critical CVE CVE-2022-3970 not fixed in stable and old-stable

Michael Kesper

Jan 10, 2023, 5:40:04 AM

Source: tiff
Version: 4.2.0-1+deb11u1
Severity: important
Tags: upstream
X-Debbugs-Cc: mke...@web.de

Dear Maintainer,

On https://security-tracker.debian.org/tracker/CVE-2022-3970 it is mentioned that
tiff is prone to critical, remotely attackable CVE-2022-3970.
Versions 4.1.0 (buster) and 4.2.0 are marked as vulnerable.
Shouldn't this require backporting the fix, if applicable?
If the bug does not affect these old versions, could you please change the tracker
entries accordingly?
Thanks for your work!

Best regards
Michael

-- System Information:
Debian Release: 11.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable'), (100, 'bullseye-fasttrack'), (100, 'bullseye-backports-staging')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-20-amd64 (SMP w/6 CPU threads)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled