From owner-freebsd-questions@freebsd.org  Thu Aug  4 16:23:34 2016
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2E9D6BAF0B3
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Thu,  4 Aug 2016 16:23:34 +0000 (UTC)
 (envelope-from alexmiroslav@gmail.com)
Received: from mail-vk0-x234.google.com (mail-vk0-x234.google.com
 [IPv6:2607:f8b0:400c:c05::234])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id DEB141E86
 for <freebsd-questions@freebsd.org>; Thu,  4 Aug 2016 16:23:33 +0000 (UTC)
 (envelope-from alexmiroslav@gmail.com)
Received: by mail-vk0-x234.google.com with SMTP id w127so172133167vkh.2
 for <freebsd-questions@freebsd.org>; Thu, 04 Aug 2016 09:23:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:from:date:message-id:subject:to;
 bh=K2fyRy98fdhZSQgAUlPTUspqpPimX1vxphR78HviD4k=;
 b=U9QGlfojKdWFMOU+GmLiXK8evQ1WpP7JbidvbuTu14xJAd+McJFBlTMRe9kh+jhk4P
 H/gievoQEQDtyfXUot8XMooM7I60mBZMACsHxGydFlxvqqVZgQdd8wYrBXh98TWilNO4
 /wM7z3xeGpQm+cRYuu+lBCerSrX/1VEZeDxxMNx6naWdmsEynoaL6XGshnN/GLrO3rL7
 ZLiONKD+qN6xRok1VIbpuM2KrL8lFPaSbxBV+84SQBTFxzizv/JoO1kSFr9S2CL5lVbK
 XTy+P89RXmOXFMKf91OgZuMap+nSZiJHE//PIa4pW0SQRpYin3SJQnRMwffbIOmm7lFa
 3+Dw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20130820;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to;
 bh=K2fyRy98fdhZSQgAUlPTUspqpPimX1vxphR78HviD4k=;
 b=VVAcRkSXYkaRRF6+ARmGbCEUfvERrb/hX+mjObJnzwRikcl/Fdpg1WtKzvS49ST6If
 4s1tNRL7/d9s3A7wWUHxaUfGFh1bwSxJSFkPx+/ozJURdgne/B7V43syWVDyQq0JlD43
 Wz4Jdh+mx3mBMRtGWVbEJWTRYVfhHt/UV4w55+30gcR1yVlCCzjrTD02eV4ySOPJQ273
 u0bR7eWDNzVJ+N8MZA2RwPvHiDvauds2ZiqtJCRwgvM3dyrdm6ehB5VQuBv3YT7fuXm6
 VxSjJ5ObGkxvKberJQKcwOm/OxG0CSnrHkwBoQ53mmgN8XVQIute7jaj4gYtR5VzxZ7M
 VSJA==
X-Gm-Message-State: AEkoous3Ama4DtIF5pTShbFUlz7cenZw72iemyyzyitWfYCWL13AlmY6AmRYjYTGtKYxlNCpPh13aoADbMtzLQ==
X-Received: by 10.31.248.5 with SMTP id w5mr36501944vkh.142.1470327811738;
 Thu, 04 Aug 2016 09:23:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.176.2.193 with HTTP; Thu, 4 Aug 2016 09:23:31 -0700 (PDT)
From: Aleksandr Miroslav <alexmiroslav@gmail.com>
Date: Thu, 4 Aug 2016 09:23:31 -0700
Message-ID: <CACcSE1z4m_o9z2Ttw-Sb7bNhVmnwDrVX8BQFfa2a_dBbW_hwyw@mail.gmail.com>
Subject: tiff vulnerability in ports?
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.22
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Aug 2016 16:23:34 -0000

This is perhaps a question for the tiff devs more than anything, but I
noticed that pkg audit has been complaining about libtiff (graphics/tiff)
for some time now.

FreeBSD's VUXML database says anything before 4.0.7 is affected, but
apparently that version hasn't been released yet (according to
http://www.remotesensing.org/libtiff/, the latest stable release is still
4.0.6).

Anyone know what's going on? Is there a release upcoming to fix this?

Thanks,
Alex