2005.06.03 07:17 "[Tiff] BitsPerSample buffer overflow - security release?", by Gervase Markham

2005.06.03 07:17 "[Tiff] BitsPerSample buffer overflow - security release?", by Gervase Markham

Hi,

Is there a planned release date for a stable version of libTIFF with a fix for the BitsPerSample stack-based buffer overflow[0]?

You guys fixed the problem in CVS early last month[1].

Gentoo[2] and Ubuntu[3] have already issued updated packages. We use a binary version of libTIFF embedded in FreeImage[4], and so can't easily patch our local copy, so ideally you guys would release an update and then we'd get them to release one as well. Do you have a planned release date for the next version?

Thanks for your time,

Gerv

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1544
[1] http://bugzilla.remotesensing.org/show_bug.cgi?id=843
[2] http://www.gentoo.org/security/en/glsa/glsa-200505-07.xml
[3] http://www.ubuntulinux.org/support/documentation/usn/usn-130-1
[4] http://freeimage.sourceforge.net/