Accepted tiff 3.8.2-6 (source)

Ubuntu Installer archive at
Tue Aug 8 08:34:05 BST 2006

 OK: tiff_3.8.2-6.dsc
     -> Component: main Section: libs
 OK: tiff_3.8.2-6.diff.gz

Origin: Debian/unstable
Format: 1.7
Date: Tue,  08 Aug 2006 07:42:55 +0100
Source: tiff
Binary: libtiff-tools, libtiff4-dev, libtiff-opengl, libtiff4, libtiffxx0c2
Architecture: source
Version: 3.8.2-6
Distribution: edgy
Urgency: high
Maintainer: Jay Berkenbilt <qjb at>
Changed-By: Martin Pitt <martin.pitt at>
 tiff (3.8.2-6) unstable; urgency=high
   * Add watch file
   * Tavis Ormandy of the Google Security Team discovered several problems
     in the TIFF library.  The Common Vulnerabilities and Exposures project
     identifies the following issues:
      - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
      - CVE-2006-3460: A heap overflow vulnerability was discovered in the
        jpeg decoder
      - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
      - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
      - CVE-2006-3463: An infinite loop was discovered in
      - CVE-2006-3464: Multiple unchecked arithmetic operations were
        uncovered, including a number of the range checking operations
        deisgned to ensure the offsets specified in tiff directories are
      - A number of codepaths were uncovered where assertions did not hold
        true, resulting in the client application calling abort()
      - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
 f231e200bc6913736ea7aa050fd131e8 750 libs optional tiff_3.8.2-6.dsc
 414aae96da370e0a568595b965da0941 16816 libs optional tiff_3.8.2-6.diff.gz

More information about the edgy-changes mailing list