:41 PM
To: Ellen Johnson
Cc: tiff@lists.osgeo.org
Subject: Re: [Tiff] clarification on the fix status for new CVE-2022-3570?
On Mon, 7 Nov 2022, Ellen Johnson wrote:
> Thank you Kurt. And thank you to all the libtiff developers. Kurt,
> thanks for your suggestion about using libtiff fro
On Mon, 7 Nov 2022, Ellen Johnson wrote:
Thank you Kurt. And thank you to all the libtiff developers. Kurt,
thanks for your suggestion about using libtiff from head as you do
for Google and it would be great if we could do that too. However
here at MathWorks our product security team
. Only under rare circumstances would we be able to obtain an
exception for this policy.
From: Jeff Breidenbach
Sent: Friday, November 4, 2022 7:12 PM
To: Kurt Schwehr
Cc: Ellen Johnson ; tiff@lists.osgeo.org
Subject: Re: [Tiff] clarification on the fix status for new CVE-2022-3570?
And thank you
ibing the vulnerability, but I do see that
>>the libtiff fix for CVE-2022-0562 was released in 4.4.0. Can you please
>>let me know if CVE-2022-34266 is a new vulnerability that’s different from
>> CVE-2022-0562 as stated in the NVD CVE report?
>>
>&
t;
>
>
> *From:* Ellen Johnson
> *Sent:* Wednesday, October 26, 2022 5:50 PM
> *To:* Sulau ; tiff@lists.osgeo.org
> *Subject:* RE: [Tiff] clarification on the fix status for new
> CVE-2022-3570?
>
>
>
> Hi Su,
>
> Thank you so much for clarifying.
>
>
report?
Thank you,
ellen
From: Ellen Johnson
Sent: Wednesday, October 26, 2022 5:50 PM
To: Sulau ; tiff@lists.osgeo.org
Subject: RE: [Tiff] clarification on the fix status for new CVE-2022-3570?
Hi Su,
Thank you so much for clarifying.
Do you have an estimate on the timeframe for release
An: tiff@lists.osgeo.org<mailto:tiff@lists.osgeo.org>
Betreff: [Tiff] clarification on the fix status for new CVE-2022-3570?
Hi libtiff developers,
I'm confused about the new CVE reported in libtiff >= 4.4.0 related to the
previous CVEs in tiffcrop.c. There's a lot of comments in t
:05
An: tiff@lists.osgeo.org
Betreff: [Tiff] clarification on the fix status for new CVE-2022-3570?
Hi libtiff developers,
I'm confused about the new CVE reported in libtiff >= 4.4.0 related to the
previous CVEs in tiffcrop.c. There's a lot of comments in the GitLab issues
and I'm try
Hi libtiff developers,
I'm confused about the new CVE reported in libtiff >= 4.4.0 related to the
previous CVEs in tiffcrop.c. There's a lot of comments in the GitLab issues
and I'm trying to detangle whether this is fixed in 4.4.0, or in the master
branch waiting to be released into a new