Accepted tiff 3.7.4-1ubuntu2 (source)

Martin Pitt martin.pitt at ubuntu.com
Wed May 3 12:05:07 BST 2006 

Accepted:
 OK: tiff_3.7.4-1ubuntu2.dsc
     -> Component: main Section: libs
 OK: tiff_3.7.4-1ubuntu2.diff.gz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  3 May 2006 12:56:50 +0200
Source: tiff
Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev
Architecture: source
Version: 3.7.4-1ubuntu2
Distribution: dapper
Urgency: low
Maintainer: Jay Berkenbilt <qjb at debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes: 
 tiff (3.7.4-1ubuntu2) dapper; urgency=low
 .
   * SECURITY UPDATE: DoS and arbitrary code execution with crafted TIFF files.
   * Add debian/patches/3.8.1-security-fixes.patch: Backported security
     relevant fixes from stable 3.8.1 release:
     - libtiff/tif_dirread.c: Fix error reporting in TIFFFetchAnyArray()
       (%d in format string without corresponding integer argument).
       [CVE-2006-2024]
     - libtiff/{tif_pixarlog.c, tif_fax3.c, tif_zip.c}: Properly
       restore setfield/getfield methods in cleanup functions to avoid crash on
       invalid files. [CVE-2006-2024]
     - libtiff/{tif_predict.c, tif_predict.h}: Added new function
       TIFFPredictorCleanup() to restore parent decode/encode/field methods.
       [CVE-2006-2024]
     - libtiff/tif_dirread.c: Check for integer overflow in TIFFFetchData().
       [CVE-2006-2025]
     - libtiff/tif_jpeg.c: Properly restore setfield/getfield methods in
       cleanup functions to avoid double free(). [CVE-2006-2026]
     - libtiff/tif_color.c: Check for out-of-bounds values in TIFFXYZToRGB().
       [CVE-2006-2120]
   * See http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 for reproducer
     images.
Files: 
 64c0ee47eee29ba0d66df51927756b8b 754 libs optional tiff_3.7.4-1ubuntu2.dsc
 85220b9b57b60fa8ca0b807618086fcf 11977 libs optional tiff_3.7.4-1ubuntu2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFEWI42DecnbV4Fd/IRAkwHAJ0V2aYMYns7XQJgpnY9gJ8ZYAWd2gCdFDEG
uVEZmI8qSI8LR4EE20LQxL0=
=YPhC
-----END PGP SIGNATURE-----

More information about the dapper-changes mailing list