GNU bug report logs - #27603
[PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.

Previous Next

Package: guix-patches;

Reported by: Alex Vong <alexvong1995 <at> gmail.com>

Date: Thu, 6 Jul 2017 22:33:02 UTC

Severity: important

Tags: patch, security

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Leo Famulari <leo <at> famulari.name>
To: Alex Vong <alexvong1995 <at> gmail.com>
Cc: 27603 <at> debbugs.gnu.org
Subject: [bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.
Date: Thu, 6 Jul 2017 19:40:38 -0400

[Message part 1 (text/plain, inline)]

On Fri, Jul 07, 2017 at 06:31:36AM +0800, Alex Vong wrote:
> * gnu/packages/patches/libtiff-CVE-2017-9936.patch,
>   gnu/packages/patches/libtiff-CVE-2017-10688.patch: New files.
> * gnu/packages/image.scm (libtiff-4.0.8)[source]: Add patches.
> * gnu/local.mk (dist_patch_DATA): Add them.

> +Patch lifted from upstream source repository (the changes to 'ChangeLog'
> +don't apply to the libtiff 4.0.8 release tarball):
> +
> +https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1

This is actually not the upstream source repository. It's a 3rd party
unofficial mirror.

To the chagrin of young packagers everywhere, libtiff is still using
CVS. Unless somebody beats me to it, I'll extract the patches from their
CVS repo later tonight.

[signature.asc (application/pgp-signature, inline)]

This bug report was last modified 7 years and 317 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #27603 [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.

GNU bug report logs - #27603
[PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.