2016.09.23 14:36 "[Tiff] LibTIFF vulnerabilities", by Yves Younan
-
2016.09.23 15:15 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn
- 2016.09.23 17:03 "Re: [Tiff] LibTIFF vulnerabilities", by Lee Howard
- 2016.10.04 11:19 "Re: [Tiff] LibTIFF vulnerabilities", by Henk Jan Priester
- 2016.10.07 10:15 "Re: [Tiff] Converting TIFFs with old-style JPEG compression", by John Brown
- 2016.09.23 20:50 "Re: [Tiff] LibTIFF vulnerabilities", by Jeff McKenna
2016.09.23 18:04 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn
On 09/23/2016 08:15 AM, Bob Friesenhahn wrote:
While a fix may be commited to libtiff CVS expediently, this does not necessarily result in an expedient fix to the millions of copies of libtiff which are already in use.
Ideally there would be a coordinated release that involved packages at as many distributions as possible... RedHat, SuSE, Fedora, Debian, Ubuntu, etc.
Many of the distributions are only willing to apply source patches to already released versions and are not willing to update to the latest release. This is definitely the norm for Debian.
Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/