2009.07.17 00:42 "[Tiff] Compression algorithm does not support random access.", by Bob Friesenhahn

2009.08.24 17:25 "Re: [Tiff] libtiff 4.0.0beta3", by Bob Friesenhahn

It would be helpful if bug reports in bugzilla as well as CVS commit comments contained CVE numbers for security-related patches. It would make it much easier to verify that security fixes have been committed or at least acknowledged. But I did a careful analysis of this just a few days ago while preparing debian packages for 3.9.0 and 4.0.0 beta 3.

Executive summary: bugs 1895, 2024, and 2079 have not been applied to the trunk. They are all relatively simple.

Please double-check CVS HEAD to make sure that it is to your satisfaction. I have now applied fixes for the bug IDs you mentioned. The libtiff test suite ('make check') was mostly re-written yesterday.

I ran valgrind on all of the tests and was disappointed to not uncover anything which needs fixing.

Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/