[ubuntu/lucid-security] tiff (delayed), tiff 3.9.2-2ubuntu0.4 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Mar 7 15:07:20 UTC 2011


tiff (3.9.2-2ubuntu0.4) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
    (LP: #597246)
    - debian/patches/CVE-2010-2482.patch: look for missing strip byte
      counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
    - CVE-2010-2482
  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
    values
    - debian/patches/CVE-2010-2595.patch: validate values in
      libtiff/tif_color.c.
    - CVE-2010-2595
  * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
    - debian/patches/CVE-2010-2597.patch: properly initialize fields in
      libtiff/tif_strip.c.
    - CVE-2010-2597
    - CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
    - debian/patches/CVE-2010-2630.patch: correctly handle order in
      libtiff/tif_dirread.c.
    - CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code execution via
    heap corruption in JPEGDecodeRaw
    - debian/patches/CVE-2010-3087.patch: check for overflows in
      libtiff/tif_jpeg.c, libtiff/tif_strip.c.
    - CVE-2010-3087
  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in Fax4Decode
    - debian/patches/CVE-2011-0192.patch: check length in
      libtiff/tif_fax3.h.
    - CVE-2011-0192

Date: Thu, 03 Mar 2011 13:42:43 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.4
-------------- next part --------------
Format: 1.8
Date: Thu, 03 Mar 2011 13:42:43 -0500
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Launchpad-Bugs-Fixed: 593067 597246
Changes: 
 tiff (3.9.2-2ubuntu0.4) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
     (LP: #597246)
     - debian/patches/CVE-2010-2482.patch: look for missing strip byte
       counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
     - CVE-2010-2482
   * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
     values
     - debian/patches/CVE-2010-2595.patch: validate values in
       libtiff/tif_color.c.
     - CVE-2010-2595
   * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
     - debian/patches/CVE-2010-2597.patch: properly initialize fields in
       libtiff/tif_strip.c.
     - CVE-2010-2597
     - CVE-2010-2598
   * SECURITY UPDATE: denial of service via out-of-order tags
     - debian/patches/CVE-2010-2630.patch: correctly handle order in
       libtiff/tif_dirread.c.
     - CVE-2010-2630
   * SECURITY UPDATE: denial of service and possible code execution via
     heap corruption in JPEGDecodeRaw
     - debian/patches/CVE-2010-3087.patch: check for overflows in
       libtiff/tif_jpeg.c, libtiff/tif_strip.c.
     - CVE-2010-3087
   * SECURITY UPDATE: denial of service and possible code execution via
     buffer overflow in Fax4Decode
     - debian/patches/CVE-2011-0192.patch: check length in
       libtiff/tif_fax3.h.
     - CVE-2011-0192
Checksums-Sha1: 
 0e7321a02c7a302d2173356696750f5a3357bb10 1936 tiff_3.9.2-2ubuntu0.4.dsc
 f61cc52895f07a87fc619265784341a0e99b5576 20063 tiff_3.9.2-2ubuntu0.4.diff.gz
Checksums-Sha256: 
 e9b1677042638660e361ca4d6d98be30761c0aea7c974fd68ebc41f30265a8ca 1936 tiff_3.9.2-2ubuntu0.4.dsc
 193bc6ba7f87d8407ba1cc2435b208f71d31ed014d45767164b1bab4fb28d3af 20063 tiff_3.9.2-2ubuntu0.4.diff.gz
Files: 
 47c1d116c4f792f5423dc8f1d3eb54db 1936 libs optional tiff_3.9.2-2ubuntu0.4.dsc
 ad8a0d1f9dfdd079921a554a091f4977 20063 libs optional tiff_3.9.2-2ubuntu0.4.diff.gz
Original-Maintainer: Jay Berkenbilt <qjb at debian.org>


More information about the Lucid-changes mailing list