[ubuntu/saucy-proposed] tiff 4.0.2-4ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue May 21 16:50:16 UTC 2013
tiff (4.0.2-4ubuntu3) saucy; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via heap
overflow in tp_process_jpeg_strip().
- debian/patches/CVE-2013-1960.patch: improve tp_process_jpeg_strip()
logic in tools/tiff2pdf.c.
- CVE-2013-1960
* SECURITY UPDATE: denial of service via stack overflow with malformed
image-length and resolution.
- debian/patches/CVE-2013-1961.patch: replace use of sprintf() with
snprintf() in contrib/dbs/xtiff/xtiff.c, libtiff/tif_codec.c,
libtiff/tif_dirinfo.c, tools/rgb2ycbcr.c, tools/tiff2bw.c,
tools/tiff2pdf.c, tools/tiff2ps.c, tools/tiffcrop.c,
tools/tiffdither.c.
- CVE-2013-1961
Date: Mon, 13 May 2013 10:34:05 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/saucy/+source/tiff/4.0.2-4ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 13 May 2013 10:34:05 -0400
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 4.0.2-4ubuntu3
Distribution: saucy
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff5 - Tag Image File Format (TIFF) library
libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
libtiff5-dev - Tag Image File Format library (TIFF), development files
libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
tiff (4.0.2-4ubuntu3) saucy; urgency=low
.
* SECURITY UPDATE: denial of service and possible code execution via heap
overflow in tp_process_jpeg_strip().
- debian/patches/CVE-2013-1960.patch: improve tp_process_jpeg_strip()
logic in tools/tiff2pdf.c.
- CVE-2013-1960
* SECURITY UPDATE: denial of service via stack overflow with malformed
image-length and resolution.
- debian/patches/CVE-2013-1961.patch: replace use of sprintf() with
snprintf() in contrib/dbs/xtiff/xtiff.c, libtiff/tif_codec.c,
libtiff/tif_dirinfo.c, tools/rgb2ycbcr.c, tools/tiff2bw.c,
tools/tiff2pdf.c, tools/tiff2ps.c, tools/tiffcrop.c,
tools/tiffdither.c.
- CVE-2013-1961
Checksums-Sha1:
ace39af48418e1898ebe5e3ee217c531eed92bdb 2233 tiff_4.0.2-4ubuntu3.dsc
5cb01ebf159acc56154384ed72529d64e56966d4 22772 tiff_4.0.2-4ubuntu3.debian.tar.gz
Checksums-Sha256:
96333883e21513c8b821e765301f0a3c12edf6d779ed5f6c8475170608647a35 2233 tiff_4.0.2-4ubuntu3.dsc
993c917aee3cbb85b641f219ba118f3917f222e791586bb0a2c684c836730678 22772 tiff_4.0.2-4ubuntu3.debian.tar.gz
Files:
1ec0fe18560bcc811c029276dda80072 2233 libs optional tiff_4.0.2-4ubuntu3.dsc
be5197693b16596d74b76dcce109e410 22772 libs optional tiff_4.0.2-4ubuntu3.debian.tar.gz
Original-Maintainer: Jay Berkenbilt <qjb at debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCgAGBQJRm6LXAAoJEGVp2FWnRL6TNzIP/3pBCV26AdXUzKQ6pOxSVIS+
DBDaAjWKCJbGkAHiZcuAA8KQUsp5dZ4uaaNQmJPXFtoJz7L9t4DN1qFUSYJFO9Bd
KiRYBrKn4x673yVwBEilk1suMgTHb1EjxBVfEFo8BzIEg2RgXx67vRV9SWOvYVIZ
aAhsWaJANPvAtaJR1neOrJRXSqRsPrkO30pcndryUSvNTOD+Kqc7p6D3yXr1IazU
x5BxhPC+7otYjX6ZB4Az4Ut4D+xa47jkLryBGuT07Cka2tdd4L3ejneQPuOafpz5
L5DSpqRI0dXXtwKXbCvcWzztsNNtufZGxI8RT+vUiV0iOnWqaOMz+uQhgHBlm3mH
DgQuV71+rZteYW5NontN20CBAiylNQEWLCGWXpvC2UextVZDG7F1MAyXY4jwS1y3
5bnbr26Kgv2cJeGVBavZMm2EiK8Uzj4l2VGmFjkzUlwIq9IWsUA1/PxEgkeephNW
2/g8gPciVn6nCjz5mHSVQwgUe7yJI/GQhBloqPyk3A69SMN65q9INh2+Xw0AOmB9
goa93XVXeKSD72t8XPu5DDVOl01JCEUt5atnK/DC1e+1Ie1jRWjHOHhNR5i8PWQ1
UPL2ZshRSpHUtrJnq8Z7OOF5qjFNMkal4bSjTIwgU3r3hwc7EWdWwfLVaXVyywDI
uTS3Ez5c6uFsPat8+rk0
=qdMN
-----END PGP SIGNATURE-----
More information about the Saucy-changes
mailing list