1 files changed, 8 insertions, 20 deletions

diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index a5738f4316..9052a34e96 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -73,7 +73,7 @@
 (define-public libpng
   (package
    (name "libpng")
-   (version "1.6.29")
+   (version "1.6.34")
    (source (origin
             (method url-fetch)
             (uri (list (string-append "mirror://sourceforge/libpng/libpng16/"
@@ -86,7 +86,7 @@
                         "/libpng16/libpng-" version ".tar.xz")))
             (sha256
              (base32
-              "0fgjqp7x6jynacmqh6dj72cn6nnf6yxjfqqqfsxrx0pyx22bcia2"))))
+              "1xjr0v34fyjgnhvaa1zixcpx5yvxcg4zwvfh0fyklfyfj86rc7ig"))))
    (build-system gnu-build-system)
 
    ;; libpng.la says "-lz", so propagate it.
@@ -390,22 +390,16 @@ extracting icontainer icon files.")
 (define-public libtiff
   (package
    (name "libtiff")
+   (version "4.0.9")
    (replacement libtiff/fixed)
-   (version "4.0.8")
    (source
      (origin
        (method url-fetch)
-       (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
+       (uri (string-append "http://download.osgeo.org/libtiff/tiff-"
                            version ".tar.gz"))
-       (patches
-         (search-patches "libtiff-tiffgetfield-bugs.patch"
-                         "libtiff-CVE-2016-10688.patch"
-                         "libtiff-CVE-2017-9936.patch"
-                         "libtiff-tiffycbcrtorgb-integer-overflow.patch"
-                         "libtiff-tiffycbcrtorgbinit-integer-overflow.patch"))
        (sha256
         (base32
-         "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))
+         "1kfg4q01r4mqn7dj63ifhi6pmqzbf4xax6ni6kkk81ri5kndwyvf"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "doc"))                           ;1.3 MiB of HTML documentation
@@ -436,7 +430,6 @@ collection of tools for doing simple manipulations of TIFF images.")
         (patches
           (append (origin-patches (package-source libtiff))
                   (search-patches "libtiff-CVE-2017-9935.patch"
-                                  "libtiff-CVE-2017-11335.patch"
                                   "libtiff-CVE-2017-18013.patch")))))))
 
 (define-public leptonica
@@ -496,20 +489,15 @@ arithmetic ops.")
 (define-public jbig2dec
   (package
     (name "jbig2dec")
-    (version "0.13")
+    (version "0.14")
     (source
       (origin
         (method url-fetch)
         (uri (string-append "http://downloads.ghostscript.com/public/" name "/"
                             name "-" version ".tar.gz"))
         (sha256
-          (base32 "04akiwab8iy5iy34razcvh9mcja9wy737civ3sbjxk4j143s1b2s"))
-        (patches (search-patches "jbig2dec-ignore-testtest.patch"
-                                 "jbig2dec-CVE-2016-9601.patch"
-                                 "jbig2dec-CVE-2017-7885.patch"
-                                 "jbig2dec-CVE-2017-7975.patch"
-                                 "jbig2dec-CVE-2017-7976.patch"))))
-
+          (base32 "0k01hp0q4275fj4rbr1gy64svfraw5w7wvwl08yjhvsnpb1rid11"))
+        (patches (search-patches "jbig2dec-ignore-testtest.patch"))))
     (build-system gnu-build-system)
     (synopsis "Decoder of the JBIG2 image compression format")
     (description