GNU bug report logs - #27603
[PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.

Previous Next

Package: guix-patches;

Reported by: Alex Vong <alexvong1995 <at> gmail.com>

Date: Thu, 6 Jul 2017 22:33:02 UTC

Severity: important

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #13 received at 27603-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Alex Vong <alexvong1995 <at> gmail.com>
Cc: 27603-done <at> debbugs.gnu.org
Subject: Re: [bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.
Date: Fri, 7 Jul 2017 00:07:26 -0400

[Message part 1 (text/plain, inline)]
On Thu, Jul 06, 2017 at 07:40:38PM -0400, Leo Famulari wrote:
> On Fri, Jul 07, 2017 at 06:31:36AM +0800, Alex Vong wrote:
> > * gnu/packages/patches/libtiff-CVE-2017-9936.patch,
> >   gnu/packages/patches/libtiff-CVE-2017-10688.patch: New files.
> > * gnu/packages/image.scm (libtiff-4.0.8)[source]: Add patches.
> > * gnu/local.mk (dist_patch_DATA): Add them.
> 
> > +Patch lifted from upstream source repository (the changes to 'ChangeLog'
> > +don't apply to the libtiff 4.0.8 release tarball):
> > +
> > +https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
> 
> This is actually not the upstream source repository. It's a 3rd party
> unofficial mirror.
> 
> To the chagrin of young packagers everywhere, libtiff is still using
> CVS. Unless somebody beats me to it, I'll extract the patches from their
> CVS repo later tonight.

I pushed this as dab536fe1ae5a8775a2b50fa50556445b6ac7818. Thanks for
getting it started Alex!

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 7 years and 318 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.