AWARE SYSTEMS
TIFF and LibTiff Mail List Archive

Thread

2017.05.02 11:57 "[Tiff] next release?", by Wall, Stephen
2017.05.16 22:34 "Re: [Tiff] next release?", by Bob Friesenhahn
2017.05.17 09:11 "Re: [Tiff] next release?", by Even Rouault
2017.05.17 10:35 "Re: [Tiff] next release?", by Even Rouault

2017.05.17 10:35 "Re: [Tiff] next release?", by Even Rouault

On mercredi 17 mai 2017 11:11:04 CEST Even Rouault wrote:

On mardi 16 mai 2017 17:34:24 CEST Bob Friesenhahn wrote:

Hi, any chance of a 4.0.8 release soon, to fix these?

CVE-2017-7592 through CVE-2017-7602
CVE-2017-5225

I have been away on vacation. I will find time to make another release if the consensus is that the CVS version is good.

Bob,

I'm seeing functional regressions in CHUNKY_STRIP_READ_SUPPORT mode due to my latest changes in that area. I'm on it. Should hopefully be fixed soon.

Fixed now.

FYI libtiff is indirectly tested through Google OSS Fuzz program (https://github.com/google/oss-fuzz) since GDAL is now part of it and I've configured it with its internal libtiff copy (which I keep in sync with libtiff CVS head each time I commit into CVS)

Even

--
Spatialys - Geospatial professional services
http://www.spatialys.com