- 2009.08.20 02:36 "Re: [Tiff] any 3.9.0 status update?", by Frank Warmerdam
2009.08.24 17:25 "Re: [Tiff] libtiff 4.0.0beta3", by Bob Friesenhahn
It would be helpful if bug reports in bugzilla as well as CVS commit comments contained CVE numbers for security-related patches. It would make it much easier to verify that security fixes have been committed or at least acknowledged. But I did a careful analysis of this just a few days ago while preparing debian packages for 3.9.0 and 4.0.0 beta 3.
Executive summary: bugs 1895, 2024, and 2079 have not been applied to the trunk. They are all relatively simple.
Please double-check CVS HEAD to make sure that it is to your satisfaction. I have now applied fixes for the bug IDs you mentioned. The libtiff test suite ('make check') was mostly re-written yesterday.
I ran valgrind on all of the tests and was disappointed to not uncover anything which needs fixing.
Bob
--
Bob Friesenhahn
bfriesen@simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/