This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [SECURITY] tiff, libpng

From: Corinna Vinschen <corinna-cygwin at cygwin dot com>
To: Charles Wilson <cygwin at cwilson dot fastmail dot fm>, cygwin-apps at cygwin dot com
Date: Tue, 14 Aug 2012 22:05:18 +0200
Subject: Re: [SECURITY] tiff, libpng
References: <500DC69B.3030608@users.sourceforge.net> <20120803075826.GB27106@calimero.vinschen.de>
Reply-to: cygwin-apps at cygwin dot com

Chuck?

Ping 2?

If you don't reply I guess we have to assume you're not with us
anymore.  Which would be too bad.

On Aug  3 09:58, Corinna Vinschen wrote:
> Chuck?
> 
> Ping?  Are you still with us?
> 
> On Jul 23 16:48, Yaakov (Cygwin/X) wrote:
> > Chuck,
> > 
> > Security vulnerabilities are accumulating for the tiff package
> > (CVE-2011-0192, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088,
> > CVE-2012-2113, CVE-2012-3401).  This can be fixed by updating to
> > 3.9.6 and applying the four patches found here:
> > 
> > http://pkgs.fedoraproject.org/gitweb/?p=libtiff.git;a=tree;h=refs/heads/f17;hb=f17
> > 
> > There are also security vulnerabilities in the libpng packages
> > (CVE-2011-3026, CVE-2011-3048, and now CVE-2012-3386).  These need
> > to be updated to the latest 1.4.12, 1.2.50, and 1.0.60 releases.
> > 
> > PLEASE update these packages ASAP.
> > 
> > 
> > Yaakov


Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

Follow-Ups:
- Re: [SECURITY] tiff, libpng, automake
  - From: Yaakov (Cygwin/X)

References:
- Re: [SECURITY] tiff, libpng
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]