[ubuntu/natty] tiff 3.9.4-5ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Mar 4 15:20:33 UTC 2011


tiff (3.9.4-5ubuntu2) natty; urgency=low

  * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
    (LP: #597246)
    - debian/patches/CVE-2010-2482.patch: look for missing strip byte
      counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
    - CVE-2010-2482
  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
    values
    - debian/patches/CVE-2010-2595.patch: validate values in
      libtiff/tif_color.c.
    - CVE-2010-2595
  * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
    - debian/patches/CVE-2010-2597.patch: properly initialize fields in
      libtiff/tif_strip.c.
    - CVE-2010-2597
    - CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
    - debian/patches/CVE-2010-2630.patch: correctly handle order in
      libtiff/tif_dirread.c.
    - CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in Fax4Decode
    - debian/patches/CVE-2011-0192.patch: check length in
      libtiff/tif_fax3.h.
    - CVE-2011-0192

Date: Thu, 03 Mar 2011 10:52:21 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/natty/+source/tiff/3.9.4-5ubuntu2
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 03 Mar 2011 10:52:21 -0500
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.9.4-5ubuntu2
Distribution: natty
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Launchpad-Bugs-Fixed: 593067 597246
Changes: 
 tiff (3.9.4-5ubuntu2) natty; urgency=low
 .
   * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
     (LP: #597246)
     - debian/patches/CVE-2010-2482.patch: look for missing strip byte
       counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
     - CVE-2010-2482
   * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
     values
     - debian/patches/CVE-2010-2595.patch: validate values in
       libtiff/tif_color.c.
     - CVE-2010-2595
   * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
     - debian/patches/CVE-2010-2597.patch: properly initialize fields in
       libtiff/tif_strip.c.
     - CVE-2010-2597
     - CVE-2010-2598
   * SECURITY UPDATE: denial of service via out-of-order tags
     - debian/patches/CVE-2010-2630.patch: correctly handle order in
       libtiff/tif_dirread.c.
     - CVE-2010-2630
   * SECURITY UPDATE: denial of service and possible code execution via
     buffer overflow in Fax4Decode
     - debian/patches/CVE-2011-0192.patch: check length in
       libtiff/tif_fax3.h.
     - CVE-2011-0192
Checksums-Sha1: 
 4fdcd2d477f82c5e3007f87f8abdef927b937b56 1964 tiff_3.9.4-5ubuntu2.dsc
 fb696df13fd2e2ea93cf81dca45e7afebf67830e 18094 tiff_3.9.4-5ubuntu2.debian.tar.gz
Checksums-Sha256: 
 6ac6f6e6ca3216df54c77c905315d4c17bf0405908aa1069967eaf0129408ec7 1964 tiff_3.9.4-5ubuntu2.dsc
 9750c15bc907db90b52513c9bec883a918946a68139d223059ce1ed8d9647892 18094 tiff_3.9.4-5ubuntu2.debian.tar.gz
Files: 
 8b9644b88ee545902e4b21c7436c26a3 1964 libs optional tiff_3.9.4-5ubuntu2.dsc
 d26b6352aef1b89ef413818a9b33f5f3 18094 libs optional tiff_3.9.4-5ubuntu2.debian.tar.gz
Original-Maintainer: Jay Berkenbilt <qjb at debian.org>


