Subject: Re: Tiff package
To: None <reed@reedmedia.net>
From: Takahiro Kambe <taca@back-street.net>
List: tech-pkg
Date: 01/26/2005 17:37:53
Hi,

In message <Pine.LNX.4.43.0501171039300.27246-100000@pilchuck.reedmedia.net>
	on Mon, 17 Jan 2005 10:49:42 -0800 (PST),
	"Jeremy C. Reed" <reed@reedmedia.net> wrote:
> The tiff in pkgsrc-2004Q4 was updated. I applied patches to the 3.6.1
> version and it was pulled up to pkgsrc-2004Q4 (in ticket 174).
With pkgsrc-2004Q4 branch, tiff package still seems to marked as
vulnerabile.

===> Checking for vulnerabilities in tiff-3.6.1nb6
*** WARNING - remote-code-execution vulnerability in tiff-3.6.1nb6 - see http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1308 for more information ***
or define ALLOW_VULNERABLE_PACKAGES if this package is absolutely essential
*** Error code 255

-- 
Takahiro Kambe <taca@back-street.net>