New 3.0.2 release of the Caml Images library
Date: 2009-12-17 (11:57)
From: Mehdi Dogguy <mehdi.dogguy@p...>
Subject: Re: [Caml-list] New 3.0.2 release of the Caml Images library
Pierre Weis wrote:
> This is a bug fix release.

There is still a security issue not fixed in this release which concerns
TIFF images. A CVE has been announced a while ago:

I tried to contact the authors (one month ago) but received no answer
yet. That's why I'm sending this message on the list: to let users and
packagers know about the bug.

The vulnerable file is “src/tiffread.c”. The patch is available at:

and the source code of “oversized.h” is available at:

These changes are applied in the Debian packages and were backported to
the stable and oldstable releases.

Best regards,

Mehdi Dogguy مهدي الدڤي
Tel.: (+33).