From Mandrake advisory : ----------------------------------- Several vulnerabilities have been discovered in the libtiff package; wxGTK2 uses a libtiff code tree, so it may have the same vulnerabilities: Chris Evans discovered several problems in the RLE (run length encoding) decoders that could lead to arbitrary code execution. (CAN-2004-0803) Matthias Clasen discovered a division by zero through an integer overflow. (CAN-2004-0804) Dmitry V. Levin discovered several integer overflows that caused malloc issues which can result to either plain crash or memory corruption. (CAN-2004-0886) ---------------------------------------- Our version looks dynamically linked: # ldd /usr/lib/libwx_gtk2* | grep libtiff libtiff.so.3 => /usr/lib/libtiff.so.3 (0x409a8000) libtiff.so.3 => /usr/lib/libtiff.so.3 (0x409a8000) libtiff.so.3 => /usr/lib/libtiff.so.3 (0x409a8000) libtiff.so.3 => /usr/lib/libtiff.so.3 (0x404d2000) libtiff.so.3 => /usr/lib/libtiff.so.3 (0x404d2000) libtiff.so.3 => /usr/lib/libtiff.so.3 (0x404d2000) however to be sure I prefer to ask you to confirm that the libtiff code in wxGTK is ignored by Gentoo builds :)
I checked all our ebuilds and I can confirm none give the user any option to compile with wxGTK's tiff code.
Perfect :) Thanks for this quick answer.
