I saw a post this morning that was amusing in a dark way: https://shrimp.starlightnet.work/notes/acl265cbxkqwjayx
Gayathri Venkat via Tiff <[email protected]> writes:

> Hello Team,
>
> I am Gayathri, a developer at MathWorks. I believe in past you have worked
> with some of the MathWorks developers.
>
> At MathWorks, we are currently using libTIFF version 4.7.0 and have
> recently become aware of third-party security vulnerabilities --
> CVE-2025-8176, CVE-2025-8177. More information about these issues can
> be found here: NVD -
> CVE-2025-8176<https://nvd.nist.gov/vuln/detail/CVE-2025-8176>, NVD -
> CVE-2025-8177<https://nvd.nist.gov/vuln/detail/CVE-2025-8177>.
>
> To address these security issues, we are planning to upgrade to libTIFF
> version 4.7.1 in the coming weeks.

Indeed, most people upgrade when there's a new release.

> Could you please confirm if libTIFF version 4.7.1 addresses these CVEs
> (CVE-2025-8176, CVE-2025-8177)?

Did you read the ChangeLog, and use git to inspect the commits made since
4.7.0 (or before)?

Reading the first CVE, and spending about 3 minutes was enough to get a
preliminary answer. I didn't spend the next 20 to really understand.

As a corporate user of Free Software, it would be nice of you to spend a
few hours digging into this, and then to submit an update to the CVE
database showing which release it is fixed in, if that is how it is.
_______________________________________________
Tiff mailing list
[email protected]
https://lists.osgeo.org/mailman/listinfo/tiff
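
The check the reply suggests (use git to inspect the commits made since a release) looks like this in shell. This is an added example, not part of the original post or the libTIFF project: the throwaway repository, its tags `v1.0.0`/`v1.0.1` and the `CVE-0000-000x` ids are constructed placeholders, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage whether a release contains a fix, using only git.

# Commits in OLD..NEW whose message contains PATTERN (fixed string, any case).
commits_between() {   # usage: commits_between REPO OLD NEW PATTERN
    git -C "$1" log --format='%h %s' -i -F --grep="$4" "$2..$3"
}

# Exit 0 if COMMIT is an ancestor of TAG, i.e. the release ships that commit.
fix_in_release() {    # usage: fix_in_release REPO COMMIT TAG
    git -C "$1" merge-base --is-ancestor "$2" "$3"
}

# Constructed throwaway repository so the example runs offline.
# One fix lands before the v1.0.1 tag, a second one only after it.
make_demo_repo() {
    repo=$(mktemp -d) || return 1
    g() { git -C "$repo" -c user.name=demo -c user.email=demo@example.invalid \
              -c commit.gpgsign=false "$@"; }
    g init -q
    echo a > "$repo/tool.c"; g add tool.c; g commit -q -m "initial import"
    g tag v1.0.0
    echo b >> "$repo/tool.c"; g commit -q -am "tool: fix use-after-free (CVE-0000-0001)"
    g tag v1.0.1
    echo c >> "$repo/tool.c"; g commit -q -am "tool: fix overflow (CVE-0000-0002)"
    echo "$repo"
}

# Demo: ask the question from the e-mail for both placeholder ids.
demo=$(make_demo_repo)
for id in CVE-0000-0001 CVE-0000-0002; do
    hit=$(commits_between "$demo" v1.0.0 v1.0.1 "$id")
    echo "$id in v1.0.0..v1.0.1: ${hit:-no matching commit}"
done
rm -rf "$demo"
```

An empty result is not proof of absence: fix commits often cite an issue number rather than the CVE id, so follow up with `git log OLD..NEW -- <path>` on the affected file and confirm with `fix_in_release` once the commit is known.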
