GNU bug report logs

#27603 [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.

PackageSource(s)Maintainer(s)
guix-patches PTS Buildd Popcon
Full log

Message #8 received at 27603@debbugs.gnu.org (full text, mbox, reply):

Received: (at 27603) by debbugs.gnu.org; 6 Jul 2017 23:40:48 +0000
From debbugs-submit-bounces@debbugs.gnu.org Thu Jul 06 19:40:47 2017
Received: from localhost ([127.0.0.1]:55514 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1dTGO7-0000wj-Cm
	for submit@debbugs.gnu.org; Thu, 06 Jul 2017 19:40:47 -0400
Received: from out2-smtp.messagingengine.com ([66.111.4.26]:52389)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo@famulari.name>) id 1dTGNz-0000wT-Ue
 for 27603@debbugs.gnu.org; Thu, 06 Jul 2017 19:40:44 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.nyi.internal (Postfix) with ESMTP id 75D6E208A3;
 Thu,  6 Jul 2017 19:40:39 -0400 (EDT)
Received: from frontend2 ([10.202.2.161])
 by compute4.internal (MEProxy); Thu, 06 Jul 2017 19:40:39 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=cc:content-type:date:from:in-reply-to:message-id:mime-version
 :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc
 :x-sasl-enc; s=mesmtp; bh=i76Jf4JxkTZtiiPVJzvcQgAy9ZZabIBstjdm39
 rxLPk=; b=VzEykEic/0W/FnjgnT6VA0/xzu9IK50YGYYkslhRPMx1JE1gqRYTC3
 vkOXfDFnJgt1esWFkMjCOD8X5+R7Y84/UXiJrhataRh84pC7ZC+td9GAkog6jUhN
 1TLWzAMASV1ScLPEt4py9OKvliSbICbHLPA0qfh6Fy5LuPWcb4kpc=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-sender
 :x-me-sender:x-sasl-enc:x-sasl-enc; s=fm1; bh=i76Jf4JxkTZtiiPVJz
 vcQgAy9ZZabIBstjdm39rxLPk=; b=edhqqJ4XMpo5Mfwj9ji7vAQXojZ1O+EbmZ
 Hvk9TVsDUS7HB4qOywFH+K71FH7SelH5nuD3A84b7oDVJFV1T5kR44o05b3bPjA0
 N4FFA01IRQx0vjptCuDx3ZaA3rqVS/sepkPVmxEFxmj5vtTPRhYmP/LwZWgSp7Pg
 eJVi345wi+c3/Ff19oUF+qK/5eK8imvUECa7SZsc0Og+2RCUq+/zl90wkOVI0a11
 SB75mSlrytJXdliCKIi6AvVVwjTIxDNfk9eSIPm/jYGBVlL7in71BWeLST3m63/y
 AYC8KZmwXpWsnBe2pOITyUpyWPdRo36naoduUZDatiZTkXdXbvFg==
X-ME-Sender: <xms:d8peWXbdhK2WVcfJ-mxeaWSiltiAShJrub9rCcvLSBbmKlsj2zOA2g>
X-Sasl-enc: /HFrFBOgCy5tdcbvOrxA1dEiiYmpFvteW0B3eamWiAuc 1499384439
Received: from localhost (pool-108-26-246-73.bstnma.fios.verizon.net
 [108.26.246.73])
 by mail.messagingengine.com (Postfix) with ESMTPA id 23D6D24776;
 Thu,  6 Jul 2017 19:40:39 -0400 (EDT)
Date: Thu, 6 Jul 2017 19:40:38 -0400
From: Leo Famulari <leo@famulari.name>
To: Alex Vong <alexvong1995@gmail.com>
Subject: Re: [bug#27603] [PATCH] gnu: libtiff: Fix CVE-2017-{9936,10688}.
Message-ID: <20170706234038.GB1280@jasmine.lan>
References: <87r2xti4dz.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="8P1HSweYDcXXzwPJ"
Content-Disposition: inline
In-Reply-To: <87r2xti4dz.fsf@gmail.com>
User-Agent: Mutt/1.8.3 (2017-05-23)
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 27603
Cc: 27603@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

[Message part 1 (text/plain, inline)]
On Fri, Jul 07, 2017 at 06:31:36AM +0800, Alex Vong wrote:
> * gnu/packages/patches/libtiff-CVE-2017-9936.patch,
>   gnu/packages/patches/libtiff-CVE-2017-10688.patch: New files.
> * gnu/packages/image.scm (libtiff-4.0.8)[source]: Add patches.
> * gnu/local.mk (dist_patch_DATA): Add them.

> +Patch lifted from upstream source repository (the changes to 'ChangeLog'
> +don't apply to the libtiff 4.0.8 release tarball):
> +
> +https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1

This is actually not the upstream source repository. It's a 3rd party
unofficial mirror.

To the chagrin of young packagers everywhere, libtiff is still using
CVS. Unless somebody beats me to it, I'll extract the patches from their
CVS repo later tonight.

[signature.asc (application/pgp-signature, inline)]

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 03:32:14 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.