GNU bug report logs - #27603
[PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.

Previous Next

Package: guix-patches;

Reported by: Alex Vong <alexvong1995 <at> gmail.com>

Date: Thu, 6 Jul 2017 22:33:02 UTC

Severity: important

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

Message #19 received at 27603-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Alex Vong <alexvong1995 <at> gmail.com>
Cc: 27603-done <at> debbugs.gnu.org
Subject: Re: [bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.
Date: Fri, 7 Jul 2017 12:30:47 -0400

[Message part 1 (text/plain, inline)]

On Fri, Jul 07, 2017 at 09:20:07PM +0800, Alex Vong wrote:
> Ahhh, I blindly used the links from debian security tracker. Should have
> been more careful. I wonder why they use links from an unofficial mirror.

I noticed they were doing that, and I don't understand why. It *is*
convenient to have a relatively stable changeset ID in the form of Git
commit hashes.

I asked about it on oss-security and the repo was confirmed to be
unofficial:

http://seclists.org/oss-sec/2017/q1/15

It has been acknowledged by the libtiff maintainer:

http://maptools-org.996276.n3.nabble.com/git-version-control-td13746.html

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 318 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27603 [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.

GNU bug report logs - #27603
[PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.