2012-03-30 12:30:34 -04:00
|
|
|
LibTIFF Security Issue Handling
|
|
|
|
===============================
|
|
|
|
|
|
|
|
Libtiff can be a significant security risk as many tools use it to read
|
|
|
|
TIFF files which can come from hostile sources. Thus buffer overflows
|
|
|
|
and other security holes in libtiff put many users at risk. To that end
|
|
|
|
we try to deal with security problems fairly quickly and to provide advance
|
|
|
|
notice to various interested parties to role out security fixes before they
|
|
|
|
go out in a standard release.
|
|
|
|
|
|
|
|
This document is new and will presumably evolve.
|
|
|
|
|
2012-04-06 12:45:55 -04:00
|
|
|
1) The mailing list distros@vs.openwall.org can be used to notify folks
|
2012-03-30 12:30:34 -04:00
|
|
|
at various linux OS distributions as well as the BSD folks about problems
|
2012-04-06 12:45:55 -04:00
|
|
|
in libtiff. Make sure to prefix subject with [vs]. More info at:
|
|
|
|
|
|
|
|
http://oss-security.openwall.org/wiki/mailing-lists/distros
|
2012-03-30 12:30:34 -04:00
|
|
|
|
|
|
|
... to be continued ...
|