2005.06.03 07:17 "[Tiff] BitsPerSample buffer overflow - security release?", by Gervase Markham

2005.06.07 17:41 "Re: [Tiff] BitsPerSample buffer overflow - security release?", by Andrey Kiselev

Is there a planned release date for a stable version of libTIFF with a fix for the BitsPerSample stack-based buffer overflow[0]?

You guys fixed the problem in CVS early last month[1].

Gentoo[2] and Ubuntu[3] have already issued updated packages. We use a binary version of libTIFF embedded in FreeImage[4], and so can't easily patch our local copy, so ideally you guys would release an update and then we'd get them to release one as well. Do you have a planned release date for the next version?

Well, I think the new release can be assigned at the end of the next wek, i.e. June, 17.

Best regards,
Andrey

Andrey V. Kiselev
Home phone: +7 812 5970603 ICQ# 26871517