libtiff is vulnerable to a buffer overflow when a malformed value is set as BitsPerSample.
Upstream has been informed: http://bugzilla.remotesensing.org/show_bug.cgi?id=843
Proposed patch by upstream attached to referenced bug.
Steve please commit an updated ebuild.
Upstream developer has stated that this has now been fixed in cvs (see URL above).
Created attachment 58276
samples vulnerability patch
Here's the patch from cvs, the ChangeLog indicates the 1.52 revision was
incomplete, so these are the updates from 1.51-1.53.
Steve provide an updated ebuild.
Of course should have been Steve please provide an updated ebuild.
Now in CVS:
bump, cleanup, and patch for bug 91584
The new ebuild is all ~arch with the patch; the two older stable ebuilds are not
patched (haven't tried yet). 3.7.2 is listed on the maptools.org site as both
latest stable and latest development release.
Devs please test and mark 3.7.2 stable.
arm hppa ia64 mips ppc64 ppc-macos s390 will be called shortly.
I'm testing for amd64 and sparc now... is this really necessary:
einfo "Latest tiff with bug #91584 fixes."
sparc done by eradicator, I'm no longer required here :)