AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2022.05.20 16:38 "[Tiff] libtiff v4.4.0 RC1 available", by Even Rouault
2022.05.20 17:56 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Kurt Schwehr
2022.05.20 18:04 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Even Rouault
2022.05.20 19:02 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Kurt Schwehr
2022.05.22 00:21 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Greg Troxel
2022.05.22 10:05 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Even Rouault
2022.05.22 13:04 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Greg Troxel
2022.05.22 15:53 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Greg Troxel

2022.05.22 15:53 "Re: [Tiff] libtiff v4.4.0 RC1 available", by Greg Troxel

I just went through all the CVEs recorded in pkgsrc as applying to tiff (ignoring those marked fixed with earlier versions) and this is the only one left:

https://nvd.nist.gov/vuln/detail/CVE-2018-10126
https://gitlab.com/libtiff/libtiff/-/issues/128

That's not meant as a complaint - it's a huge milestone given the history of tiff and CVEs.