LibTiff Mailing List Archive, "Re: Some security fixes from RHEL", by Lee Howard


AWARE [SYSTEMS]		Imaging expertise for the Delphi developer
		TIFF and LibTiff Mailing List Archive
	LibTiff Mailing List TIFF and LibTiff Mailing List Archive August 2008 Previous Thread Next Thread Previous by Thread Next by Thread Previous by Date Next by Date Contact The TIFF Mailing List Homepage This list is run by Frank Warmerdam Archive maintained by AWare Systems	Thread 2008.08.29 22:53 "Some security fixes from RHEL", by Even Rouault 2008.08.30 02:08 "Re: Some security fixes from RHEL", by Tom Lane 2008.09.01 22:18 "Re: libtiff security", by Dmitry V Levin 2008.08.31 15:17 "Re: Some security fixes from RHEL", by Frank Warmerdam 2008.08.31 15:38 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.08.31 21:09 "Re: Some security fixes from RHEL", by Rogier Wolff 2008.08.31 21:21 "Re: Some security fixes from RHEL", by <o.druemmer@callassoftware.com> 2008.08.31 21:51 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.08.31 22:08 "Re: Some security fixes from RHEL", by Lee Howard 2008.08.31 22:21 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.01 22:10 "Re: Some security fixes from RHEL", by Dmitry V Levin 2008.09.03 08:21 "Re: Some security fixes from RHEL", by Andrey Kiselev 2008.09.03 15:11 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.03 17:31 "Re: Some security fixes from RHEL", by <ron@debian.org> 2008.09.03 17:48 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.08.31 21:52 "Re: Some security fixes from RHEL", by Toby Thain 2008.08.31 22:01 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.08.31 21:59 "Re: Some security fixes from RHEL", by Lee Howard 2008.08.31 22:17 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.01 06:29 "Re: Some security fixes from RHEL", by Rogier Wolff 2008.09.01 06:53 "Re: Some security fixes from RHEL", by Toby Thain 2008.09.01 03:12 "Re: Some security fixes from RHEL", by Frank Warmerdam 2008.09.01 15:52 "Re: Some security fixes from RHEL", by Lee Howard 2008.09.01 21:33 "Re: Some security fixes from RHEL", by Frank Warmerdam 2008.09.03 16:38 "Re: Some security fixes from RHEL", by Lee Howard 2008.09.03 17:07 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.03 17:20 "Re: Some security fixes from RHEL", by Lee Howard 2008.09.03 18:02 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.03 18:13 "Re: Some security fixes from RHEL", by Lee Howard 2008.09.03 18:43 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.03 20:47 "Re: Some security fixes from RHEL", by Edward Lam 2008.09.03 21:01 "Re: Some security fixes from RHEL", by Lee Howard 2008.09.03 18:32 "Re: Some security fixes from RHEL", by Frank Warmerdam 2008.09.03 19:04 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.03 19:32 "Re: Some security fixes from RHEL", by <ron@debian.org> 2008.09.03 21:39 "Re: Some security fixes from RHEL", by Lee Howard 2008.09.03 21:59 "Re: Some security fixes from RHEL", by Even Rouault 2008.09.03 22:35 "Re: Some security fixes from RHEL", by <ron@debian.org> 2008.09.03 23:31 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.04 07:47 "Re: Some security fixes from RHEL", by <ron@debian.org> 2008.09.04 12:55 "Re: Some security fixes from RHEL", by Edward Lam 2008.09.06 01:20 "Re: Some security fixes from RHEL", by Jay Berkenbilt 2008.09.04 07:22 "Re: Some security fixes from RHEL", by Andrey Kiselev 2008.09.04 08:05 "Re: Some security fixes from RHEL", by Tom Lane 2008.09.04 08:52 "Re: Some security fixes from RHEL", by Andrey Kiselev 2008.09.04 20:06 "tiffsplit.c broken on Windows in trunk", by Edward Lam 2008.09.04 20:41 "Re: tiffsplit.c broken on Windows in trunk", by Toby Thain 2008.09.04 21:13 "Re: tiffsplit.c broken on Windows in trunk", by Edward Lam 2008.09.05 06:42 "Re: tiffsplit.c broken on Windows in trunk", by Andrey Kiselev 2008.09.03 17:16 "Re: Some security fixes from RHEL", by Frank Warmerdam 2008.09.04 07:45 "Re: Some security fixes from RHEL", by Andrey Kiselev 2008.09.01 22:30 "Re: Some security fixes from RHEL", by Dmitry V Levin 2008.09.03 08:05 "Re: Some security fixes from RHEL", by Andrey Kiselev 2008.09.01 05:11 "Re: Some security fixes from RHEL", by Tom Lane 2008.09.01 15:30 "Re: Some security fixes from RHEL", by Frank Warmerdam 2008.09.01 15:33 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.02 08:13 "Re: Some security fixes from RHEL", by Tom Lane 2008.09.02 08:24 "Re: Some security fixes from RHEL", by Tom Lane 2008.09.02 12:01 "Re: Some security fixes from RHEL", by Kai-uwe Behrmann 2008.09.02 15:49 "Re: Some security fixes from RHEL", by <ron@debian.org> 2008.09.03 08:14 "Re: Some security fixes from RHEL", by Andrey Kiselev 2008.09.03 14:07 "Re: Some security fixes from RHEL", by Frank Warmerdam 2008.09.03 15:53 "Re: Some security fixes from RHEL", by Frank Warmerdam 2008.09.01 16:23 "Re: Some security fixes from RHEL", by <ron@debian.org> 2008.09.01 18:00 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.01 22:04 "Re: Some security fixes from RHEL", by Dmitry V Levin 2008.09.01 15:40 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.01 18:19 "Re: Some security fixes from RHEL", by Rogier Wolff 2008.09.01 18:45 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.02 15:54 "Re: Some security fixes from RHEL", by <ron@debian.org> 2008.09.02 16:39 "Re: Some security fixes from RHEL", by Bob Friesenhahn 2008.09.03 08:03 "Re: Some security fixes from RHEL", by Andrey Kiselev 2008.08.31 22:08 "Re: Some security fixes from RHEL", by Lee Howard Bob Friesenhahn wrote: > The programs you list: gqview, GIMP, ImageMagick, and Hylafax are not > safe to use when faced with files from malicious users. I would challenge that nothing is safe when faced with an onslaught of malicious-intent. This is why firewalls are used. This is why things are encrypted and password protected. However, just because complete security isn't possible, and just because system maintainers should design to keep malicious activity away, these don't mean that secure coding efforts aren't also important. > The application I maintain (GraphicsMagick) already has an security > exposure of over 1.1 million lines of code. Modern ImageMagick likely > doubles or quadruples this exposure. Do you care to thoroughly > inspect all of this code? I don't think that a full security audit is being requested. Rather, I think that the original poster is simply asking that these things be addressed as they are reported. I don't consider that unreasonable. Thanks, Lee.

LibTiff Mailing List

Thread

2008.08.31 22:08 "Re: Some security fixes from RHEL", by Lee Howard