This is the mail archive of the
cygwin-apps
mailing list for the Cygwin project.
Re: [SECURITY] tiff, libpng
- From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
- To: Charles Wilson <cygwin at cwilson dot fastmail dot fm>
- Cc: cygwin-apps at cygwin dot com
- Date: Fri, 3 Aug 2012 09:58:26 +0200
- Subject: Re: [SECURITY] tiff, libpng
- References: <500DC69B.3030608@users.sourceforge.net>
- Reply-to: cygwin-apps at cygwin dot com
Chuck?
Ping? Are you still with us?
On Jul 23 16:48, Yaakov (Cygwin/X) wrote:
> Chuck,
>
> Security vulnerabilities are accumulating for the tiff package
> (CVE-2011-0192, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088,
> CVE-2012-2113, CVE-2012-3401). This can be fixed by updating to
> 3.9.6 and applying the four patches found here:
>
> http://pkgs.fedoraproject.org/gitweb/?p=libtiff.git;a=tree;h=refs/heads/f17;hb=f17
>
> There are also security vulnerabilities in the libpng packages
> (CVE-2011-3026, CVE-2011-3048, and now CVE-2012-3386). These need
> to be updated to the latest 1.4.12, 1.2.50, and 1.0.60 releases.
>
> PLEASE update these packages ASAP.
>
>
> Yaakov
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Project Co-Leader cygwin AT cygwin DOT com
Red Hat