2016.09.23 14:36 "[Tiff] LibTIFF vulnerabilities", by Yves Younan

2016.09.23 18:04 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn

On 09/23/2016 08:15 AM, Bob Friesenhahn wrote:

While a fix may be commited to libtiff CVS expediently, this does not necessarily result in an expedient fix to the millions of copies of libtiff which are already in use.

Ideally there would be a coordinated release that involved packages at as many distributions as possible... RedHat, SuSE, Fedora, Debian, Ubuntu, etc.

Many of the distributions are only willing to apply source patches to already released versions and are not willing to update to the latest release. This is definitely the norm for Debian.

Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/