forked from vadz/libtiff
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathHOWTO-SECURITY-RELEASE
More file actions
19 lines (14 loc) · 816 Bytes
/
HOWTO-SECURITY-RELEASE
File metadata and controls
19 lines (14 loc) · 816 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
LibTIFF Security Issue Handling
===============================
Libtiff can be a significant security risk as many tools use it to read
TIFF files which can come from hostile sources. Thus buffer overflows
and other security holes in libtiff put many users at risk. To that end
we try to deal with security problems fairly quickly and to provide advance
notice to various interested parties to role out security fixes before they
go out in a standard release.
This document is new and will presumably evolve.
1) The mailing list distros@vs.openwall.org can be used to notify folks
at various linux OS distributions as well as the BSD folks about problems
in libtiff. Make sure to prefix subject with [vs]. More info at:
http://oss-security.openwall.org/wiki/mailing-lists/distros
... to be continued ...