AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2016.09.23 14:36 "[Tiff] LibTIFF vulnerabilities", by Yves Younan
2016.09.23 15:15 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn
2016.09.23 17:03 "Re: [Tiff] LibTIFF vulnerabilities", by Lee Howard
2016.09.23 18:04 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn
2016.09.23 22:34 "Re: [Tiff] LibTIFF vulnerabilities", by Even Rouault
2016.09.23 22:58 "Re: [Tiff] LibTIFF vulnerabilities", by Lee Howard
2016.09.23 23:47 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn
2016.09.24 14:30 "Re: [Tiff] LibTIFF vulnerabilities", by Olivier Paquet
2016.09.24 14:45 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn
2016.10.04 11:19 "Re: [Tiff] LibTIFF vulnerabilities", by Henk Jan Priester
2016.10.04 13:20 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn
2016.10.07 10:15 "Re: [Tiff] Converting TIFFs with old-style JPEG compression", by John Brown
2016.10.07 10:41 "Re: [Tiff] Converting TIFFs with old-style JPEG compression", by John Brown
2016.09.23 20:50 "Re: [Tiff] LibTIFF vulnerabilities", by Jeff McKenna

2016.09.23 22:58 "Re: [Tiff] LibTIFF vulnerabilities", by Lee Howard

On 09/23/2016 03:34 PM, Even Rouault wrote:

Le vendredi 23 septembre 2016 19:03:46, Lee Howard a écrit:

On 09/23/2016 08:15 AM, Bob Friesenhahn wrote:

While a fix may be commited to libtiff CVS expediently, this does not necessarily result in an expedient fix to the millions of copies of libtiff which are already in use.

Ideally there would be a coordinated release that involved packages at as many distributions as possible... RedHat, SuSE, Fedora, Debian, Ubuntu, etc.

Before that, ideally more people would help looking at fixing the issues themselves. I'm personnaly not going to look at the Cisco reports in the short term, having already exceeded my volunteer time & energy on reports from other folks, and Bob wrote to me he's busy with other things. So if other libtiff committers want to join the party, please raise your hand.

I can commit... or at least I used to. So, I will be happy to help as much as I can.

Thanks,

Lee.