GNU bug report logs - #27370
[PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes].

Previous Next

Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Thu, 15 Jun 2017 03:47:02 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #16 received at 27370-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 27370-done <at> debbugs.gnu.org
Subject: Re: [bug#27370] [PATCH] gnu: libtiff: Fix several bugs related to
 improper codec usage [security fixes].
Date: Thu, 15 Jun 2017 11:52:29 -0400

[Message part 1 (text/plain, inline)]

On Thu, Jun 15, 2017 at 10:13:43AM +0200, Ludovic Courtès wrote:
> Leo Famulari <leo <at> famulari.name> skribis:
> 
> > Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and
> > the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'.
> >
> > * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it.
> 
> LGTM.  ‘guix lint -c cve’ will keep complaining, but I guess splitting
> the patch in one patch per CVE might be hard and not worth the effort.
> Thoughts?

The long list of bugs has a single root cause and fix, so there is only
one patch.

> Could you apply them to ‘core-updates’ as well?

Sure, done!

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 8 years and 56 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27370 [PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes].

GNU bug report logs - #27370
[PATCH] gnu: libtiff: Fix several bugs related to improper codec usage [security fixes].