[bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.

From:	Leo Famulari
Subject:	[bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.
Date:	Fri, 7 Jul 2017 12:30:47 -0400
User-agent:	Mutt/1.8.3 (2017-05-23)

On Fri, Jul 07, 2017 at 09:20:07PM +0800, Alex Vong wrote:
> Ahhh, I blindly used the links from debian security tracker. Should have
> been more careful. I wonder why they use links from an unofficial mirror.

I noticed they were doing that, and I don't understand why. It *is*
convenient to have a relatively stable changeset ID in the form of Git
commit hashes.

I asked about it on oss-security and the repo was confirmed to be
unofficial:

http://seclists.org/oss-sec/2017/q1/15

It has been acknowledged by the libtiff maintainer:

http://maptools-org.996276.n3.nabble.com/git-version-control-td13746.html

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}., Alex Vong, 2017/07/06
- [bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}., Leo Famulari, 2017/07/06
  - bug#27603: [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}., Leo Famulari, 2017/07/07
    - [bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}., Alex Vong, 2017/07/07
    - [bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}., Leo Famulari <=

Prev by Date: [bug#27599] [PATCH 1/2] gnu: Add cmdtest.
Next by Date: [bug#27607] [PATCH] gnu: libtiff: Fix two integer overflows.
Previous by thread: [bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.
Next by thread: [bug#27604] [PATCH] gnu: youtube-dl: Update to 2017.07.02.
Index(es):
- Date
- Thread