AWARE [SYSTEMS] Imaging expertise for the Delphi developer
AWare Systems, Imaging expertise for the Delphi developer, Home TIFF and LibTiff Mailing List Archive

LibTiff Mailing List

TIFF and LibTiff Mailing List Archive
August 2008

Previous Thread
Next Thread

Previous by Thread
Next by Thread

Previous by Date
Next by Date

Contact

The TIFF Mailing List Homepage
This list is run by Frank Warmerdam
Archive maintained by AWare Systems



Valid HTML 4.01!



Thread

2008.08.29 22:53 "Some security fixes from RHEL", by Even Rouault
2008.08.30 02:08 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.01 22:18 "Re: libtiff security", by Dmitry V Levin
2008.08.31 15:17 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.08.31 15:38 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.08.31 21:09 "Re: Some security fixes from RHEL", by Rogier Wolff
2008.08.31 21:21 "Re: Some security fixes from RHEL", by <o.druemmer@callassoftware.com>
2008.08.31 21:51 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.08.31 22:08 "Re: Some security fixes from RHEL", by Lee Howard
2008.08.31 22:21 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.01 22:10 "Re: Some security fixes from RHEL", by Dmitry V Levin
2008.09.03 08:21 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.03 15:11 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 17:31 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.03 17:48 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.08.31 21:52 "Re: Some security fixes from RHEL", by Toby Thain
2008.08.31 22:01 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.08.31 21:59 "Re: Some security fixes from RHEL", by Lee Howard
2008.08.31 22:17 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.01 06:29 "Re: Some security fixes from RHEL", by Rogier Wolff
2008.09.01 06:53 "Re: Some security fixes from RHEL", by Toby Thain
2008.09.01 03:12 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.01 15:52 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.01 21:33 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.03 16:38 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 17:07 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 17:20 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 18:02 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 18:13 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 18:43 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 20:47 "Re: Some security fixes from RHEL", by Edward Lam
2008.09.03 21:01 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 18:32 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.03 19:04 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 19:32 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.03 21:39 "Re: Some security fixes from RHEL", by Lee Howard
2008.09.03 21:59 "Re: Some security fixes from RHEL", by Even Rouault
2008.09.03 22:35 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.03 23:31 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.04 07:47 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.04 12:55 "Re: Some security fixes from RHEL", by Edward Lam
2008.09.06 01:20 "Re: Some security fixes from RHEL", by Jay Berkenbilt
2008.09.04 07:22 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.04 08:05 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.04 08:52 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.04 20:06 "tiffsplit.c broken on Windows in trunk", by Edward Lam
2008.09.04 20:41 "Re: tiffsplit.c broken on Windows in trunk", by Toby Thain
2008.09.04 21:13 "Re: tiffsplit.c broken on Windows in trunk", by Edward Lam
2008.09.05 06:42 "Re: tiffsplit.c broken on Windows in trunk", by Andrey Kiselev
2008.09.03 17:16 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.04 07:45 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.01 22:30 "Re: Some security fixes from RHEL", by Dmitry V Levin
2008.09.03 08:05 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.01 05:11 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.01 15:30 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.01 15:33 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.02 08:13 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.02 08:24 "Re: Some security fixes from RHEL", by Tom Lane
2008.09.02 12:01 "Re: Some security fixes from RHEL", by Kai-uwe Behrmann
2008.09.02 15:49 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.03 08:14 "Re: Some security fixes from RHEL", by Andrey Kiselev
2008.09.03 14:07 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.03 15:53 "Re: Some security fixes from RHEL", by Frank Warmerdam
2008.09.01 16:23 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.01 18:00 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.01 22:04 "Re: Some security fixes from RHEL", by Dmitry V Levin
2008.09.01 15:40 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.01 18:19 "Re: Some security fixes from RHEL", by Rogier Wolff
2008.09.01 18:45 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.02 15:54 "Re: Some security fixes from RHEL", by <ron@debian.org>
2008.09.02 16:39 "Re: Some security fixes from RHEL", by Bob Friesenhahn
2008.09.03 08:03 "Re: Some security fixes from RHEL", by Andrey Kiselev

2008.08.31 21:21 "Re: Some security fixes from RHEL", by <o.druemmer@callassoftware.com>

Hi Rogier,

On 31.08.2008, at 23:09, Rogier Wolff wrote:

> For the record, I find your statement rediculous.


I actually find the statement right the opposite of being ridiculous.

The statement very clearly describes the relevant aspects of the  
matter at hand, and based on that gives a strong recommendation.

You can't blame libtiff (nor the volunteers behind it who have  
dedicated so much resources) for being used so widely. Still, everyone  
will have to use it at their own risk.

Vulnerabilities exploited through the internet is not something one  
should ignore. Depending on your needs and priorities it may be  
acceptable to use software linked against libtiff, or it may not be  
acceptable.  Only you as the user can decide.


Olaf

-- 
Olaf Druemmer | Managing Director | callas software GmbH |  
Schoenhauser Allee 6/7 | 10119 Berlin
Tel +49.30.4439031-0 | Fax +49.30.4416402 | o.druemmer@callassoftware.com 
  | www.callassoftware.com
Amtsgericht Charlottenburg, HRB 59615 | Geschäftsführung: Olaf  
Drümmer, Ulrich Frotscher