2005.06.03 07:17 "[Tiff] BitsPerSample buffer overflow - security release?", by Gervase Markham
[Resending from correct address now I'm subscribed.]
Is there a planned release date for a stable version of libTIFF with a fix for the BitsPerSample stack-based buffer overflow?
You guys fixed the problem in CVS early last month.
Gentoo and Ubuntu have already issued updated packages. We use a binary version of libTIFF embedded in FreeImage, and so can't easily patch our local copy, so ideally you guys would release an update and then we'd get them to release one as well. Do you have a planned release date for the next version?
Thanks for your time,
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544
http://bugzilla.remotesensing.org/show_bug.cgi?id=843
http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
http://www.ubuntulinux.org/support/documentation/usn/usn-130-1
http://freeimage.sourceforge.net/