2022.05.29 12:59 "Re: [Tiff] libtiff 4.4.0 is released", by Greg Troxel

I have committed an update to pkgsrc of 4.4.0.

We have a database of CVEs and what versions they apply to. With 4.4.0 and me adjusting the entries to limit many of them to <4.4.0, only one CVE remains in the database.

As far as I can tell this one is not resolved, but I didn't try the POC:

https://nvd.nist.gov/vuln/detail/CVE-2018-10126
http://bugzilla.maptools.org/show_bug.cgi?id=2786
https://gitlab.com/libtiff/libtiff/-/issues/128