2008.08.29 22:53 "[Tiff] Some security fixes from RHEL", by Even Rouault

2008.09.01 22:10 "Re: [Tiff] Some security fixes from RHEL", by Dmitry V. Levin

On Sun, Aug 31, 2008 at 05:21:50PM -0500, Bob Friesenhahn wrote:

I don't think that a full security audit is being requested. Rather, I think that the original poster is simply asking that these things be addressed as they are reported.

There has not been a refusal to address the issue but there is no commitment yet as to when (and if) a replacement for 3.8.2 would become available. The 3.9.0beta package is currently not binary compatible with libtiff 3.8.2. Libtiff 4.0.0 is still on the horizon as well.

I'm doubt that security people are going to audit code which is "still on the horizon", they rather choose smth close to production.

--
ldv