AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2010.12.06 16:32 "[Tiff] Security vulnerability CVE-2010-3847", by imipak
2010.12.06 18:44 "Re: [Tiff] Security vulnerability CVE-2010-3847", by Lee Howard
2010.12.06 20:09 "Re: [Tiff] Security vulnerability CVE-2010-3847", by Tom Lane
2010.12.08 01:19 "Re: [Tiff] Security vulnerability CVE-2010-3847", by Lee Howard
2010.12.07 16:07 "Re: [Tiff] Security vulnerability CVE-2010-3847", by imipak

2010.12.06 16:32 "[Tiff] Security vulnerability CVE-2010-3847", by imipak

hi,

I notice that Mandriva and SuSE have released updates for their

libtiff packages to fix for CVE-2010-3087, but there doesn't seem to
be any sign of it in the changelog for 3.9.4 (or, indeed, earlier
releases.)

CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087

Mandriva: http://www.mandriva.com/en/security/advisories?name=MDVSA-2010:190

SuSE: http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

Is there any ETA for a fix on the main source tree?

cheers

\a

--
  wake up the past
    and tell it to stay away