[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cygwin-apps
Subject:    [SECURITY] tiff, libpng
From:       "Yaakov (Cygwin/X)" <yselkowitz () users ! sourceforge ! net>
Date:       2012-07-23 21:48:11
Message-ID: 500DC69B.3030608 () users ! sourceforge ! net
[Download RAW message or body]

Chuck,

Security vulnerabilities are accumulating for the tiff package 
(CVE-2011-0192, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088, 
CVE-2012-2113, CVE-2012-3401).  This can be fixed by updating to 3.9.6 
and applying the four patches found here:

http://pkgs.fedoraproject.org/gitweb/?p=libtiff.git;a=tree;h=refs/heads/f17;hb=f17

There are also security vulnerabilities in the libpng packages 
(CVE-2011-3026, CVE-2011-3048, and now CVE-2012-3386).  These need to be 
updated to the latest 1.4.12, 1.2.50, and 1.0.60 releases.

PLEASE update these packages ASAP.


Yaakov
[prev in list] [next in list] [prev in thread] [next in thread]