[ubuntu/lucid-security] tiff 3.9.2-2ubuntu0.13 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Tue May 21 16:26:19 UTC 2013


tiff (3.9.2-2ubuntu0.13) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via heap
    overflow in tp_process_jpeg_strip().
    - debian/patches/CVE-2013-1960.patch: improve tp_process_jpeg_strip()
      logic in tools/tiff2pdf.c.
    - CVE-2013-1960
  * SECURITY UPDATE: denial of service via stack overflow with malformed
    image-length and resolution.
    - debian/patches/CVE-2013-1961.patch: replace use of sprintf() with
      snprintf() in contrib/dbs/xtiff/xtiff.c, libtiff/tif_codec.c,
      libtiff/tif_dirinfo.c, tools/rgb2ycbcr.c, tools/tiff2bw.c,
      tools/tiff2pdf.c, tools/tiff2ps.c, tools/tiffcrop.c,
      tools/tiffdither.c.
    - CVE-2013-1961

Date: 2013-05-13 18:15:14.174780+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.13
-------------- next part --------------
Sorry, changesfile not available.


More information about the Lucid-changes mailing list