New vulnerabilities were discovered in libtiff (bug #91584). I'm not sure wether any of versions in Portage still include their private libtiff copy, but filing this to check. Carlo please advise.
kdegraphics-3.2 includes libtiffax, but is not affected. kde-3.3/4 use media-libs/tiff. We're safe as soon as libtiff is fixed. :)
3.2 is not the latest stable on any arches? AFAIR only 3.3 was fixed with the last tiff vulnerability.
<=kdegraphics-3.3.1 include libtiffax >=kdegraphics-3.3.2 do not The fix of the last tiff vulnerability was the update to KDE 3.3.2, but this issue wouldn't affect kdegraphics-3.3.1 either. >3.2 is not the latest stable on any arches? I don't think so, but it is not affected anyways. libtiffax does not include the vulnerable code. I guess it's just too old.
Thx for the clarification Carlo.
