AWARE [SYSTEMS] Imaging expertise for the Delphi developer
AWare Systems, Imaging expertise for the Delphi developer, Home TIFF and LibTiff Mailing List Archive

LibTiff Mailing List

TIFF and LibTiff Mailing List Archive
June 2005

Previous Thread
Next Thread

Previous by Thread
Next by Thread

Previous by Date
Next by Date

Contact

The TIFF Mailing List Homepage
This list is run by Frank Warmerdam
Archive maintained by AWare Systems



Valid HTML 4.01!



Thread

2005.06.03 07:17 "BitsPerSample buffer overflow - security release?", by Gervase Markham
2005.06.03 13:42 "Re: BitsPerSample buffer overflow - security release?", by Thom Decarlo
2005.06.07 17:41 "Re: BitsPerSample buffer overflow - security release?", by Andrey Kiselev

2005.06.03 07:17 "BitsPerSample buffer overflow - security release?", by Gervase Markham

Hi,

Is there a planned release date for a stable version of libTIFF with a 
fix for the BitsPerSample stack-based buffer overflow[0]?

You guys fixed the problem in CVS early last month[1].

Gentoo[2] and Ubuntu[3] have already issued updated packages. We use a 
binary version of libTIFF embedded in FreeImage[4], and so can't easily 
patch our local copy, so ideally you guys would release an update and 
then we'd get them to release one as well. Do you have a planned release 
date for the next version?

Thanks for your time,

Gerv

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544
[1] http://bugzilla.remotesensing.org/show_bug.cgi?id=843
[2] http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
[3] http://www.ubuntulinux.org/support/documentation/usn/usn-130-1
[4] http://freeimage.sourceforge.net/