[ 21:26 antoine  ]

• 426758 UPDATING
• 426758 graphics/tiff/Makefile
• 426758 graphics/tiff/distinfo
• 426758 graphics/tiff/files/patch-CVE-2015-8665_8683
• 426758 graphics/tiff/files/patch-Makefile.in
• 426758 graphics/tiff/files/patch-libtiff_tif__luv.c
• 426758 graphics/tiff/files/patch-libtiff_tif__next.c
• 426758 graphics/tiff/files/patch-libtiff_tif__pixarlog.c
• 426758 graphics/tiff/files/patch-tiffcrop.1
• 426758 graphics/tiff/files/patch-tools_gif2tiff.c

Update to 4.0.7
The following tools are removed from this release: bmp2tiff, gif2tiff,
ras2tiff, rgb2ycbcr and thumbnail.

[ 16:22 feld  ]

• 418585 graphics/tiff/Makefile
• 418585 graphics/tiff/files/patch-libtiff_tif__pixarlog.c
• 418585 graphics/tiff/files/patch-tools_gif2tiff.c

graphics/tiff: Patch vulnerabilities

These two patches were obtained from OpenBSD. An additional CVE is not
yet addressed, but upstream indicates they are removing the gif2tiff
utility as the mitigation in the upcoming 4.0.7.

PR:		211113
MFH:		2016Q3
Security:	CVE-2016-5875
Security:	CVE-2016-3186