[SECURITY] tiff, libpng
Yaakov (Cygwin/X)
yselkowitz@users.sourceforge.net
Mon Jul 23 21:48:00 GMT 2012
Chuck,
Security vulnerabilities are accumulating for the tiff package
(CVE-2011-0192, CVE-2011-1167, CVE-2012-1173, CVE-2012-2088,
CVE-2012-2113, CVE-2012-3401). This can be fixed by updating to 3.9.6
and applying the four patches found here:
http://pkgs.fedoraproject.org/gitweb/?p=libtiff.git;a=tree;h=refs/heads/f17;hb=f17
There are also security vulnerabilities in the libpng packages
(CVE-2011-3026, CVE-2011-3048, and now CVE-2012-3386). These need to be
updated to the latest 1.4.12, 1.2.50, and 1.0.60 releases.
PLEASE update these packages ASAP.
Yaakov
More information about the Cygwin-apps
mailing list