Accepted tiff 3.8.2-5 (source)

Ubuntu Installer archive at
Sun Jun 25 12:07:04 BST 2006

 OK: tiff_3.8.2.orig.tar.gz
 OK: tiff_3.8.2-5.diff.gz
 OK: tiff_3.8.2-5.dsc
     -> Component: main Section: libs

Origin: Debian/unstable
Format: 1.7
Date: Sun,  25 Jun 2006 11:59:34 +0100
Source: tiff
Binary: libtiff-tools, libtiff4-dev, libtiff-opengl, libtiff4, libtiffxx0c2
Architecture: source
Version: 3.8.2-5
Distribution: edgy
Urgency: high
Maintainer: Jay Berkenbilt <qjb at>
Changed-By: Martin Pitt <martin.pitt at>
Closes: 349921 350715 351223 352849 365722 369819 371064 373102
 tiff (3.8.2-5) unstable; urgency=low
   * Fix logic error that caused -q flag to be ignored when doing jpeg
     compression with tiff2pdf.  (Closes: #373102)
 tiff (3.8.2-4) unstable; urgency=high
   * SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
     Thanks to Martin Pitt.  (Closes: #371064)
   * Add debian/patches/tiff2pdf-octal-printf.patch:
     - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
       signed char (it printed a signed integer, which overflew the buffer and
       was wrong anyway).
     - CVE-2006-2193
 tiff (3.8.2-3) unstable; urgency=high
   * SECURITY UPDATE: Arbitrary command execution with crafted long file
     names.  Thanks to Martin Pitt for forwarding this.
     Add debian/patches/tiffsplit-fname-overflow.patch:
     - tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
       user-specified file name into a statically sized buffer.
     CVE-2006-2656.  (Closes: #369819)
   * Update standards version to 3.7.2.  No changes required.
   * Moved doc-base information to libtiff4 instead of libtiff4-dev.
 tiff (3.8.2-2) unstable; urgency=low
   * Fix build dependencies to get OpenGL utility libraries after new Xorg
     packaging.  (Closes: #365722)
   * Updated standards version to 3.7.0; no changes required to package.
 tiff (3.8.2-1) unstable; urgency=low
   * New upstream release
 tiff (3.8.0-3) unstable; urgency=low
   * Switched build dependency from xlibmesa-gl-dev to libgl1-mesa-dev
     (incorporating Ubunutu patch)
   * Incorporated patch from upstream to fix handling of RGBA tiffs in
     tiff2pdf.  (Closes: #352849)
 tiff (3.8.0-2) unstable; urgency=low
   * Applied fixes from upstream to address a memory access violation
     [CVE-2006-0405].  (Closes: #350715, #351223)
 tiff (3.8.0-1) unstable; urgency=low
   * New upstream release.  (Closes: #349921)
   * NOTE: The debian version of 3.8.0 includes a patch to correct a binary
     incompatibility in the original 3.8.0 release.  This libtiff package
     is binary compatible with 3.7.4 and will be binary compatible with the
     upcoming 3.8.1 release.
 e6ec4ab957ef49d5aabc38b7a376910b 1333780 libs optional tiff_3.8.2.orig.tar.gz
 8d3d9fffd10bfe3dc1d7828438665b16 10345 libs optional tiff_3.8.2-5.diff.gz
 5df1146e0700fc95aef281b2c503b544 750 libs optional tiff_3.8.2-5.dsc

More information about the edgy-changes mailing list