☰LibTiff Mailing List Archive

2008.08.29 22:53 "[Tiff] Some security fixes from RHEL", by Even Rouault

2008.08.30 02:08 "Re: [Tiff] Some security fixes from RHEL", by Tom Lane
- 2008.09.01 22:18 "Re: [Tiff] libtiff security", by Dmitry V. Levin
2008.08.31 15:17 "Re: [Tiff] Some security fixes from RHEL", by Frank Warmerdam
- 2008.08.31 15:38 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 08:03 "Re: [Tiff] Some security fixes from RHEL", by Andrey Kiselev
- 2008.09.04 20:48 "Re: [Tiff] beta2 release - lfind() problem on Win64", by Edward Lam
  - 2008.09.05 06:18 "Re: [Tiff] beta2 release - lfind() problem on Win64", by Andrey Kiselev
    - 2008.09.04 20:06 "[Tiff] tiffsplit.c broken on Windows in trunk", by Edward Lam
      - 2008.09.04 20:41 "Re: [Tiff] tiffsplit.c broken on Windows in trunk", by Toby Thain
        2008.09.04 21:13 "Re: [Tiff] tiffsplit.c broken on Windows in trunk", by Edward Lam
      - 2008.09.05 06:42 "[Tiff] Re: tiffsplit.c broken on Windows in trunk", by Andrey Kiselev
    - 2008.09.05 13:09 "Re: [Tiff] beta2 release - lfind() problem on Win64", by Edward Lam
2008.09.03 21:01 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
- 2008.09.03 18:13 "Re: [Tiff] Some security fixes from RHEL", by Lee Howard
  - 2008.09.03 18:43 "Re: [Tiff] Some security fixes from RHEL", by Bob Friesenhahn
  - 2008.09.03 20:47 "Re: [Tiff] Some security fixes from RHEL", by Edward Lam
2008.09.03 21:59 "Re: [Tiff] Some security fixes from RHEL", by Even Rouault

2008.08.30 02:08 "Re: [Tiff] Some security fixes from RHEL", by Tom Lane

I'm just curious about how vendors usually interact with libtiff upstream team? It would have been nice if they had dropped a word on it on libtiff bugzilla...

Well, I showed this patch to Frank last week, and the RH security team told me that they had spoken with "the libtiff developers" a couple weeks before that; though I don't know exactly who they contacted.

Right at the moment I'm a bit miffed that no one is taking any interest in http://bugzilla.maptools.org/show_bug.cgi?id=1936 which seems at least as severe from a security standpoint as those LZW issues.

regards, tom lane