I'm aware I'm late to the party. I remember there were plenty of CVEs in the tools and https://gitlab.com/libtiff/libtiff/-/merge_requests/569 is fixing those problems and bringing the tools back. Which is nice. Did anybody check though whether all of those CVEs that got closed when we removed the tools are really fixed? I'm missing the CVE names in the git commits and in the changelog as well. I believe it was quite a number of CVEs that got closed by removing the tools.
Do I need to look for those issues on Gitlab that tracking those CVEs, run the reproducer and see whether the issue is fixed or was it somewhere documented when developing the fix? Best, Michael On Wed, Sep 11, 2024 at 9:50 AM Even Rouault via Tiff <[email protected]> wrote: > > Hi, > > I've prepared a second release candidate for libtiff v4.7.0: > > - https://download.osgeo.org/libtiff/tiff-4.7.0rc2.tar.gz > - https://download.osgeo.org/libtiff/tiff-4.7.0rc2.tar.gz.sig > - https://download.osgeo.org/libtiff/tiff-4.7.0rc2.tar.xz > - https://download.osgeo.org/libtiff/tiff-4.7.0rc2.tar.xz.sig > - https://download.osgeo.org/libtiff/tiff-4.7.0rc2.zip > - https://download.osgeo.org/libtiff/tiff-4.7.0rc2.zip.sig > > Motion: approve libtiff 4.7.0rc2 as final 4.7.0 release > > Starting with my +1, > > Even > > -- > http://www.spatialys.com > My software is free, but my time generally not. > > _______________________________________________ > Tiff mailing list > [email protected] > https://lists.osgeo.org/mailman/listinfo/tiff _______________________________________________ Tiff mailing list [email protected] https://lists.osgeo.org/mailman/listinfo/tiff
