2005.06.07 17:41 "Re: [Tiff] BitsPerSample buffer overflow - security release?", by Andrey Kiselev
Is there a planned release date for a stable version of libTIFF with a fix for the BitsPerSample stack-based buffer overflow[0]?
You guys fixed the problem in CVS early last month[1].
Gentoo[2] and Ubuntu[3] have already issued updated packages. We use a binary version of libTIFF embedded in FreeImage[4], and so can't easily patch our local copy, so ideally you guys would release an update and then we'd get them to release one as well. Do you have a planned release date for the next version?
Well, I think the new release can be assigned at the end of the next wek, i.e. June, 17.
Best regards,
Andrey
Andrey V. Kiselev
Home phone: +7 812 5970603 ICQ# 26871517