2016.09.23 18:04 "Re: [Tiff] LibTIFF vulnerabilities", by Bob Friesenhahn
On 09/23/2016 08:15 AM, Bob Friesenhahn wrote:
While a fix may be commited to libtiff CVS expediently, this does not necessarily result in an expedient fix to the millions of copies of libtiff which are already in use.
Ideally there would be a coordinated release that involved packages at as many distributions as possible... RedHat, SuSE, Fedora, Debian, Ubuntu, etc.
Many of the distributions are only willing to apply source patches to already released versions and are not willing to update to the latest release. This is definitely the norm for Debian.
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/