Opened 9 years ago
Closed 9 years ago
#5830 closed defect (fixed)
Update of libtiff in 1.11 branch
Reported by: | Even Rouault | Owned by: | Even Rouault |
---|---|---|---|
Priority: | normal | Milestone: | 1.11.2 |
Component: | GDAL_Raster | Version: | unspecified |
Severity: | normal | Keywords: | libtiff |
Cc: |
Description
From Kurt:
I suggest that 1.11.2 be held back until libtiff is updated, e.g. to ftp://ftp.remotesensing.org/pub/libtiff/tiff-4.0.4beta.tar.gz or head. There are a number of issues out in the wild:
http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
branches/1.11 r28417 "Internal libtiff: partial upgrade to 4.0.4beta (everything, except changes in tif_jpeg.c that are not security related and cause differences in output) (#5830)"