Opened 7 years ago

Closed 7 years ago

#5830 closed defect (fixed)

Update of libtiff in 1.11 branch

Reported by: Even Rouault Owned by: Even Rouault
Priority: normal Milestone: 1.11.2
Component: GDAL_Raster Version: unspecified
Severity: normal Keywords: libtiff
Cc:

Description

From Kurt :

I suggest that 1.11.2 be held back until
libtiff is updated.  e.g. to
ftp://ftp.remotesensing.org/pub/libtiff/tiff-4.0.4beta.tar.gz or head.

There are a number of issues out in the wild:

http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt

http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt

http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt

Change History (1)

comment:1 Changed 7 years ago by Even Rouault

Resolution: fixed
Status: newclosed

branches/1.11 r28417 "Internal libtiff: partial upgrade to 4.0.4beta (everything, except changes in tif_jpeg.c that are not security related and cause differences in output) (#5830)"

Note: See TracTickets for help on using tickets.