From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:56415)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dLWby-0002rK-8M
	for guix-patches@gnu.org; Thu, 15 Jun 2017 11:23:07 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dLWbu-0006kC-4t
	for guix-patches@gnu.org; Thu, 15 Jun 2017 11:23:06 -0400
Received: from debbugs.gnu.org ([208.118.235.43]:47077)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1dLWbt-0006k8-ST
	for guix-patches@gnu.org; Thu, 15 Jun 2017 11:23:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1dLWbt-0000F6-N4
	for guix-patches@gnu.org; Thu, 15 Jun 2017 11:23:01 -0400
Subject: [bug#27370] [PATCH] gnu: libtiff: Fix several bugs related to
	improper codec usage [security fixes].
Resent-Message-ID: <handler.27370.B27370.1497540177921@debbugs.gnu.org>
Date: Thu, 15 Jun 2017 11:22:49 -0400
From: Leo Famulari <leo@famulari.name>
Message-ID: <20170615152249.GA2776@jasmine.lan>
References: <d892514929702b8e12877a5e4a2c0c972b36317f.1497498355.git.leo@famulari.name>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="d6Gm4EdcadzBjdND"
Content-Disposition: inline
In-Reply-To: <d892514929702b8e12877a5e4a2c0c972b36317f.1497498355.git.leo@famulari.name>
List-Id: <guix-patches.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-patches/>
List-Post: <mailto:guix-patches@gnu.org>
List-Help: <mailto:guix-patches-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>,
	<mailto:guix-patches-request@gnu.org?subject=subscribe>
Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-patches" <guix-patches-bounces+kyle=kyleam.com@gnu.org>
To: 27370@debbugs.gnu.org


--d6Gm4EdcadzBjdND
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Jun 14, 2017 at 11:45:57PM -0400, Leo Famulari wrote:
> Fixes CVE-2014-8128, CVE-2015-7554, CVE-2016-5318, CVE-2016-10095, and
> the other bugs listed in 'libtiff-tiffgetfield-bugs.patch'.
>=20
> * gnu/packages/patches/libtiff-tiffgetfield-bugs.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/image.scm (libtiff-4.0.8)[source]: Use it.

I'd also like to add a patch for this libtiff commit, fixing a
regression in 4.0.8:

https://github.com/vadz/libtiff/commit/cd23b66764cb0a2d67198e060a9e238380e3=
ae9f

--d6Gm4EdcadzBjdND
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAllCpkkACgkQJkb6MLrK
fwg9gxAAiEQ2GNfPXpLXQQRFXpDa3HavAWKMvA0zWi+UPzjp/y2/81W5EXx+ZEFW
EAPMa2qJI8/iFR7LB/v70Na9NzpjephsoRWu4K0fgetiVJvB2Ax9KMU4ziUPVQko
f1fsLw8toHyLaHEK0UUF8pCl98UmIYmJNLV9d0rG30YHDntaNBV8vC1MEyvkQdit
hM0vX7aCfaEM+nUatZx2VfzuI1ZAlZPNFChb3euuDhG1qXdPphG4poslA+reZsJM
TiHa+iMOEjkIKhQeUnPbCGi2vyF4zd+40Eu0yTday4HidUV/sOvahMTerG2/YHYb
hXEVY/XiwlZqS997EIcliqlCZPVMvXwEVfDU2bbFBgeQJik2Q70k5OMJ59IUg1lp
hkRgt0tnLGSbYt1GTQIh2bpN6SvjNeDoykUEfQfsmBJAdwTi/vB+F8DdBGb+u6K7
9XBwVneMAyBn1iXmX993XMp7N7cKL97lMuTZoRUw2WJItEoOjLexNJsilzEk9Wt1
EO+q8umHUFLcA8WaGTmByA2UoXWjSLsHG/lk62GS3YBpP4nPEdoTNF++X8CyJIKu
p8SfVQXIYChMsNWeiMu2FACh9TbmVVxJ3vS9yV4urydRAHnDlBBhSAqXYG4aOjEj
Tp1lS0bMruth04pBXdJG02AksudrsiYEdFyIFsMNqSr7ERW3R7Y=
=fjay
-----END PGP SIGNATURE-----

--d6Gm4EdcadzBjdND--