[ubuntu/maverick-security] tiff (delayed), tiff 3.9.4-2ubuntu0.1 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Mar 7 15:06:31 UTC 2011


tiff (3.9.4-2ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
    (LP: #597246)
    - debian/patches/CVE-2010-2482.patch: look for missing strip byte
      counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
    - CVE-2010-2482
  * SECURITY UPDATE: denial of service via invalid combination of
    SamplesPerPixel and Photometric values (LP: #591605)
    - debian/patches/CVE-2010-2483.patch: validate samplesperpixel in
      libtiff/tif_getimage.c.
    - CVE-2010-2483
  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
    values
    - debian/patches/CVE-2010-2595.patch: validate values in
      libtiff/tif_color.c.
    - CVE-2010-2595
  * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
    - debian/patches/CVE-2010-2597.patch: properly initialize fields in
      libtiff/tif_strip.c.
    - CVE-2010-2597
    - CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
    - debian/patches/CVE-2010-2630.patch: correctly handle order in
      libtiff/tif_dirread.c.
    - CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code execution via
    heap corruption in JPEGDecodeRaw
    - debian/patches/CVE-2010-3087.patch: check for overflows in
      libtiff/tif_jpeg.c, libtiff/tif_strip.c.
    - CVE-2010-3087
  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in Fax4Decode
    - debian/patches/CVE-2011-0192.patch: check length in
      libtiff/tif_fax3.h.
    - CVE-2011-0192

Date: Thu, 03 Mar 2011 12:16:19 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/tiff/3.9.4-2ubuntu0.1
-------------- next part --------------
Format: 1.8
Date: Thu, 03 Mar 2011 12:16:19 -0500
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.9.4-2ubuntu0.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Launchpad-Bugs-Fixed: 591605 593067 597246
Changes: 
 tiff (3.9.4-2ubuntu0.1) maverick-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
     (LP: #597246)
     - debian/patches/CVE-2010-2482.patch: look for missing strip byte
       counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
     - CVE-2010-2482
   * SECURITY UPDATE: denial of service via invalid combination of
     SamplesPerPixel and Photometric values (LP: #591605)
     - debian/patches/CVE-2010-2483.patch: validate samplesperpixel in
       libtiff/tif_getimage.c.
     - CVE-2010-2483
   * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
     values
     - debian/patches/CVE-2010-2595.patch: validate values in
       libtiff/tif_color.c.
     - CVE-2010-2595
   * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
     - debian/patches/CVE-2010-2597.patch: properly initialize fields in
       libtiff/tif_strip.c.
     - CVE-2010-2597
     - CVE-2010-2598
   * SECURITY UPDATE: denial of service via out-of-order tags
     - debian/patches/CVE-2010-2630.patch: correctly handle order in
       libtiff/tif_dirread.c.
     - CVE-2010-2630
   * SECURITY UPDATE: denial of service and possible code execution via
     heap corruption in JPEGDecodeRaw
     - debian/patches/CVE-2010-3087.patch: check for overflows in
       libtiff/tif_jpeg.c, libtiff/tif_strip.c.
     - CVE-2010-3087
   * SECURITY UPDATE: denial of service and possible code execution via
     buffer overflow in Fax4Decode
     - debian/patches/CVE-2011-0192.patch: check length in
       libtiff/tif_fax3.h.
     - CVE-2011-0192
Checksums-Sha1: 
 b103a05aca23fc76c4d255bf8a6c618e24a2e46a 1953 tiff_3.9.4-2ubuntu0.1.dsc
 a8270d3cd573527318d4e75957232f530ef03192 17639 tiff_3.9.4-2ubuntu0.1.debian.tar.gz
Checksums-Sha256: 
 0bb0b23daa3f3b1f04ab92a295716fcf674f8f013f186d838ab416105f7f7fe5 1953 tiff_3.9.4-2ubuntu0.1.dsc
 e8202fb8a59fa51251eff446d16f4e32f3c20e471ef9e9ac4d20fcc928bf61fd 17639 tiff_3.9.4-2ubuntu0.1.debian.tar.gz
Files: 
 6d3a942101adb85434c0bbb53deb71c8 1953 libs optional tiff_3.9.4-2ubuntu0.1.dsc
 28c2b693c038106798331aa44bc4b89f 17639 libs optional tiff_3.9.4-2ubuntu0.1.debian.tar.gz
Original-Maintainer: Jay Berkenbilt <qjb at debian.org>

