2016.09.23 14:36 "[Tiff] LibTIFF vulnerabilities", by Yves Younan

2016.09.23 22:58 "Re: [Tiff] LibTIFF vulnerabilities", by Lee Howard

On 09/23/2016 03:34 PM, Even Rouault wrote:

Le vendredi 23 septembre 2016 19:03:46, Lee Howard a écrit:

On 09/23/2016 08:15 AM, Bob Friesenhahn wrote:

While a fix may be commited to libtiff CVS expediently, this does not necessarily result in an expedient fix to the millions of copies of libtiff which are already in use.

Ideally there would be a coordinated release that involved packages at as many distributions as possible... RedHat, SuSE, Fedora, Debian, Ubuntu, etc.

Before that, ideally more people would help looking at fixing the issues themselves. I'm personnaly not going to look at the Cisco reports in the short term, having already exceeded my volunteer time & energy on reports from other folks, and Bob wrote to me he's busy with other things. So if other libtiff committers want to join the party, please raise your hand.

I can commit... or at least I used to. So, I will be happy to help as much as I can.

Thanks,

Lee.