This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[SECURITY] tiff, libpng

From: "Yaakov (Cygwin/X)" <yselkowitz at users dot sourceforge dot net>
To: cygwin-apps at cygwin dot com
Date: Mon, 23 Jul 2012 16:48:11 -0500
Subject: [SECURITY] tiff, libpng

Chuck,

Security vulnerabilities are accumulating for the tiff package (CVE-2011-0192, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088, CVE-2012-2113, CVE-2012-3401). This can be fixed by updating to 3.9.6 and applying the four patches found here:

http://pkgs.fedoraproject.org/gitweb/?p=libtiff.git;a=tree;h=refs/heads/f17;hb=f17

There are also security vulnerabilities in the libpng packages (CVE-2011-3026, CVE-2011-3048, and now CVE-2012-3386). These need to be updated to the latest 1.4.12, 1.2.50, and 1.0.60 releases.

PLEASE update these packages ASAP.

Yaakov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]