[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: tiff updates

On 2018-03-22 09:19:31, Hugo Lefeuvre wrote:
> * Start working on tiff and tiff3:
>   - Investigate, debug/prepare and test patch for CVE-2018-7456 (git master
>     version). This issue was very long to debug because it required me
>     to have a good understanding of the TIFF standard which I had to
>     read carefully, and also of the TIFF codebase, which I had to study
>     extensively. I have submitted my patch to upstream, not sure it's
>     ready yet but I feel like I understand the problem well enough
>     to finish it and backport the patch to Wheezy and Jessie.
>     You can find most of my work on the debian-lts mailing list and
>     upstream bug report.
>     During my investigations I bumped across another, older issue which
>     I still have to investigate in master (it never got a CVE assigned and
>     I'm not even sure that upstream heard about it, it got probably
>     fixed 'by chance').

Hello Hugo!

I see you have the `tiff` package claimed in dla-needed.txt, but not
`tiff3`. I suspect both are fairly similar issues and that you intended
to work on both, so I figured it might be better to claim both next

But I haven't seen new activity on the packages since then, do you need
a review of the patches you submitted in March? Or for someone to carry
this work forward?


They say that time changes things, but you actually have to change
them yourself.           - Andy Warhol

Reply to: