AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2005.06.03 07:17 "[Tiff] BitsPerSample buffer overflow - security release?", by Gervase Markham
2005.06.03 13:42 "RE: [Tiff] BitsPerSample buffer overflow - security release?", by Thom DeCarlo
2005.06.07 17:41 "Re: [Tiff] BitsPerSample buffer overflow - security release?", by Andrey Kiselev

2005.06.07 17:41 "Re: [Tiff] BitsPerSample buffer overflow - security release?", by Andrey Kiselev

On Fri, Jun 03, 2005 at 08:17:14AM +0100, Gervase Markham wrote:

Is there a planned release date for a stable version of libTIFF with a fix for the BitsPerSample stack-based buffer overflow[0]?

You guys fixed the problem in CVS early last month[1].

Gentoo[2] and Ubuntu[3] have already issued updated packages. We use a binary version of libTIFF embedded in FreeImage[4], and so can't easily patch our local copy, so ideally you guys would release an update and then we'd get them to release one as well. Do you have a planned release date for the next version?

Well, I think the new release can be assigned at the end of the next wek, i.e. June, 17.

Best regards,
Andrey

--
Andrey V. Kiselev

Home phone: +7 812 5970603 ICQ# 26871517