[ubuntu/raring-proposed] tiff 4.0.2-4ubuntu1 (Accepted)

Sebastien Bacher seb128 at ubuntu.com
Tue Nov 6 12:25:24 UTC 2012 

tiff (4.0.2-4ubuntu1) raring; urgency=low

  * Resynchronize on Debian, remaining change
  * debian/control: Have libtiff5-dev Provide libtiff-dev

tiff (4.0.2-4) unstable; urgency=high

  * Previous change was uploaded with the wrong CVE number.  I updated the
    last changelog entry.  The correct CVE number is CVE-2012-4447.

tiff (4.0.2-3) unstable; urgency=high

  * Add fix for CVE-2012-4447, a buffer overrun.  (Closes: #688944)

tiff (4.0.2-2) unstable; urgency=high

  * SECURITY UPDATE: possible arbitrary code execution via heap overflow
    in tiff2pdf.  (Closes: #682115)
    - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
      tools/tiff2pdf.c.
    - CVE-2012-3401
    Changes prepared by Marc Deslauriers for Ubuntu.  Thanks!

Date: Tue, 06 Nov 2012 13:21:39 +0100
Changed-By: Sebastien Bacher <seb128 at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/tiff/4.0.2-4ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 06 Nov 2012 13:21:39 +0100
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 4.0.2-4ubuntu1
Distribution: raring
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Sebastien Bacher <seb128 at ubuntu.com>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 682115 688944
Changes: 
 tiff (4.0.2-4ubuntu1) raring; urgency=low
 .
   * Resynchronize on Debian, remaining change
   * debian/control: Have libtiff5-dev Provide libtiff-dev
 .
 tiff (4.0.2-4) unstable; urgency=high
 .
   * Previous change was uploaded with the wrong CVE number.  I updated the
     last changelog entry.  The correct CVE number is CVE-2012-4447.
 .
 tiff (4.0.2-3) unstable; urgency=high
 .
   * Add fix for CVE-2012-4447, a buffer overrun.  (Closes: #688944)
 .
 tiff (4.0.2-2) unstable; urgency=high
 .
   * SECURITY UPDATE: possible arbitrary code execution via heap overflow
     in tiff2pdf.  (Closes: #682115)
     - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
       tools/tiff2pdf.c.
     - CVE-2012-3401
     Changes prepared by Marc Deslauriers for Ubuntu.  Thanks!
Checksums-Sha1: 
 e72f0c757c6c6bb983190bc60575bf0b5228ec8e 1593 tiff_4.0.2-4ubuntu1.dsc
 73c2b266da30c723b75031fdb12b54913d410187 15716 tiff_4.0.2-4ubuntu1.debian.tar.gz
Checksums-Sha256: 
 94c835b2baefdb426a2b4bb41a6165a79589d106ba347f6d988d6cd018539ec9 1593 tiff_4.0.2-4ubuntu1.dsc
 59a0bec75ea028c3f4cce87d8edcf3f7f79a7f684a6a3ae33c4ca298dccd7a53 15716 tiff_4.0.2-4ubuntu1.debian.tar.gz
Files: 
 1cb35bae19c9ae866de93f64a5297dc0 1593 libs optional tiff_4.0.2-4ubuntu1.dsc
 1f6ae14b606f835dad02d4bcd26d92b1 15716 libs optional tiff_4.0.2-4ubuntu1.debian.tar.gz
Original-Maintainer: Jay Berkenbilt <qjb at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAlCZASgACgkQQxo87aLX0pLxSgCgzRHhxxh8xqk/uodnBnIK7EFR
I24An1hpKM9jlVR2TIhbNlrSgt4ggT0X
=XeeC
-----END PGP SIGNATURE-----

More information about the Raring-changes mailing list