Accepted tiff 3.7.4-1ubuntu2 (source)
Martin Pitt
martin.pitt at ubuntu.com
Wed May 3 12:05:07 BST 2006
Accepted:
OK: tiff_3.7.4-1ubuntu2.dsc
-> Component: main Section: libs
OK: tiff_3.7.4-1ubuntu2.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 3 May 2006 12:56:50 +0200
Source: tiff
Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev
Architecture: source
Version: 3.7.4-1ubuntu2
Distribution: dapper
Urgency: low
Maintainer: Jay Berkenbilt <qjb at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff4 - Tag Image File Format (TIFF) library
libtiff4-dev - Tag Image File Format library (TIFF), development files
libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (3.7.4-1ubuntu2) dapper; urgency=low
 .
   * SECURITY UPDATE: DoS and arbitrary code execution with crafted TIFF files.
   * Add debian/patches/3.8.1-security-fixes.patch: Backported security
     relevant fixes from stable 3.8.1 release:
     - libtiff/tif_dirread.c: Fix error reporting in TIFFFetchAnyArray()
       (%d in format string without corresponding integer argument).
       [CVE-2006-2024]
     - libtiff/{tif_pixarlog.c, tif_fax3.c, tif_zip.c}: Properly
       restore setfield/getfield methods in cleanup functions to avoid crash on
       invalid files. [CVE-2006-2024]
     - libtiff/{tif_predict.c, tif_predict.h}: Added new function
       TIFFPredictorCleanup() to restore parent decode/encode/field methods.
       [CVE-2006-2024]
     - libtiff/tif_dirread.c: Check for integer overflow in TIFFFetchData().
       [CVE-2006-2025]
     - libtiff/tif_jpeg.c: Properly restore setfield/getfield methods in
       cleanup functions to avoid double free(). [CVE-2006-2026]
     - libtiff/tif_color.c: Check for out-of-bounds values in TIFFXYZToRGB().
       [CVE-2006-2120]
   * See http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 for reproducer
     images.
Files:
64c0ee47eee29ba0d66df51927756b8b 754 libs optional tiff_3.7.4-1ubuntu2.dsc
85220b9b57b60fa8ca0b807618086fcf 11977 libs optional tiff_3.7.4-1ubuntu2.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEWI42DecnbV4Fd/IRAkwHAJ0V2aYMYns7XQJgpnY9gJ8ZYAWd2gCdFDEG
uVEZmI8qSI8LR4EE20LQxL0=
=YPhC
-----END PGP SIGNATURE-----