[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#27603: [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.
|
From: |
Leo Famulari |
|
Subject: |
bug#27603: [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}. |
|
Date: |
Fri, 7 Jul 2017 00:07:26 -0400 |
|
User-agent: |
Mutt/1.8.3 (2017-05-23) |
On Thu, Jul 06, 2017 at 07:40:38PM -0400, Leo Famulari wrote:
> On Fri, Jul 07, 2017 at 06:31:36AM +0800, Alex Vong wrote:
> > * gnu/packages/patches/libtiff-CVE-2017-9936.patch,
> > gnu/packages/patches/libtiff-CVE-2017-10688.patch: New files.
> > * gnu/packages/image.scm (libtiff-4.0.8)[source]: Add patches.
> > * gnu/local.mk (dist_patch_DATA): Add them.
>
> > +Patch lifted from upstream source repository (the changes to 'ChangeLog'
> > +don't apply to the libtiff 4.0.8 release tarball):
> > +
> > +https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
>
> This is actually not the upstream source repository. It's a 3rd party
> unofficial mirror.
>
> To the chagrin of young packagers everywhere, libtiff is still using
> CVS. Unless somebody beats me to it, I'll extract the patches from their
> CVS repo later tonight.
I pushed this as dab536fe1ae5a8775a2b50fa50556445b6ac7818. Thanks for
getting it started Alex!
signature.asc
Description: PGP signature