Re: [Tiff] clarification on the fix status for new CVE-2022-3570?

2022-11-07 Thread Ellen Johnson
:41 PM To: Ellen Johnson Cc: tiff@lists.osgeo.org Subject: Re: [Tiff] clarification on the fix status for new CVE-2022-3570? On Mon, 7 Nov 2022, Ellen Johnson wrote: > Thank you Kurt. And thank you to all the libtiff developers. Kurt, > thanks for your suggestion about using libtiff fro

Re: [Tiff] clarification on the fix status for new CVE-2022-3570?

2022-11-07 Thread Bob Friesenhahn
On Mon, 7 Nov 2022, Ellen Johnson wrote: Thank you Kurt. And thank you to all the libtiff developers. Kurt, thanks for your suggestion about using libtiff from head as you do for Google and it would be great if we could do that too. However here at MathWorks our product security team

Re: [Tiff] clarification on the fix status for new CVE-2022-3570?

2022-11-07 Thread Ellen Johnson
. Only under rare circumstances would we be able to obtain an exception for this policy. From: Jeff Breidenbach Sent: Friday, November 4, 2022 7:12 PM To: Kurt Schwehr Cc: Ellen Johnson ; tiff@lists.osgeo.org Subject: Re: [Tiff] clarification on the fix status for new CVE-2022-3570? And thank you

Re: [Tiff] clarification on the fix status for new CVE-2022-3570?

2022-11-04 Thread Jeff Breidenbach
ibing the vulnerability, but I do see that >>the libtiff fix for CVE-2022-0562 was released in 4.4.0. Can you please >>let me know if CVE-2022-34266 is a new vulnerability that’s different from >> CVE-2022-0562 as stated in the NVD CVE report? >> >&

Re: [Tiff] clarification on the fix status for new CVE-2022-3570?

2022-11-04 Thread Kurt Schwehr
t; > > > *From:* Ellen Johnson > *Sent:* Wednesday, October 26, 2022 5:50 PM > *To:* Sulau ; tiff@lists.osgeo.org > *Subject:* RE: [Tiff] clarification on the fix status for new > CVE-2022-3570? > > > > Hi Su, > > Thank you so much for clarifying. > >

Re: [Tiff] clarification on the fix status for new CVE-2022-3570?

2022-11-04 Thread Ellen Johnson
report? Thank you, ellen From: Ellen Johnson Sent: Wednesday, October 26, 2022 5:50 PM To: Sulau ; tiff@lists.osgeo.org Subject: RE: [Tiff] clarification on the fix status for new CVE-2022-3570? Hi Su, Thank you so much for clarifying. Do you have an estimate on the timeframe for release

Re: [Tiff] clarification on the fix status for new CVE-2022-3570?

2022-10-26 Thread Ellen Johnson
Hi Su, Thank you so much for clarifying. Do you have an estimate on the timeframe for release of 4.5.0? Thanks, ellen From: Sulau Sent: Wednesday, October 26, 2022 4:51 PM To: tiff@lists.osgeo.org Cc: Ellen Johnson Subject: AW: [Tiff] clarification on the fix status for new

Re: [Tiff] clarification on the fix status for new CVE-2022-3570?

2022-10-26 Thread Sulau
Hi Ellen, issues 381 and 386 are fixed and related MR is merged into the master branch one week ago. So they will probably be released with next version 4.5.0 Regards, Su Von: Tiff [mailto:tiff-boun...@lists.osgeo.org] Im Auftrag von Ellen Johnson Gesendet: Montag, 24. Oktober 2022