AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2022.05.27 14:57 "[Tiff] libtiff 4.4.0 is released", by Even Rouault
2022.05.28 10:44 "Re: [Tiff] libtiff 4.4.0 is released", by Vincent Torri
2022.05.29 13:38 "[Tiff] OpenGL configuration option", by Roger
2022.05.29 22:26 "Re: [Tiff] OpenGL configuration option", by Vincent Torri
2022.05.29 12:59 "Re: [Tiff] libtiff 4.4.0 is released", by Greg Troxel
2022.05.29 13:51 "Re: [Tiff] libtiff 4.4.0 is released", by Roger

2022.05.29 12:59 "Re: [Tiff] libtiff 4.4.0 is released", by Greg Troxel

I have committed an update to pkgsrc of 4.4.0.

We have a database of CVEs and what versions they apply to. With 4.4.0 and me adjusting the entries to limit many of them to <4.4.0, only one CVE remains in the database.

As far as I can tell this one is not resolved, but I didn't try the POC:

https://nvd.nist.gov/vuln/detail/CVE-2018-10126
http://bugzilla.maptools.org/show_bug.cgi?id=2786
https://gitlab.com/libtiff/libtiff/-/issues/128