From: Stuart Henderson <stu@spacehopper.org>
Subject: Re: graphics/tiff: fix integer overflows leading to heap overflows
To: Christian Weisgerber <naddy@mips.inka.de>
Cc: ports@openbsd.org
Date: Tue, 14 Apr 2026 20:04:05 +0100

On 2026/04/14 18:02, Christian Weisgerber wrote:
> Grab upstream fixes for integer overflows that lead to heap overflows.
> One is a fix for CVE-2026-4775.  While looking over the commit history,
> I also noticed another fix that looked worthwhile.  This is a game
> of whack-a-mole ...
> 
> OK?

yes.

when checking commits for those I noticed
https://gitlab.com/libtiff/libtiff/-/commit/200e5ca51e477ac439ef9514c3c3ac8c9799a5c8
which would be worth grabbing too, I think - I'll prepare a diff.