[Bug 1016987] Re: Sync tiff 4.0.1-8 (main) from Debian unstable (main)
Jeremy Bicha
jeremy at bicha.net
Sun Jun 24 04:01:24 UTC 2012
I guess this would actually need tiff3 to be synced also. An entry in
http://people.canonical.com/~ubuntu-archive/sync-blacklist.txt says...

# cjwatson, 2012-06-01
# Temporary blacklist entries for quantal, requiring manual resolution due
# to conflicts with existing Ubuntu-versioned binaries.
...
tiff3 # requires jbigkit MIR

--
https://bugs.launchpad.net/bugs/1016987

Title:
  Sync tiff 4.0.1-8 (main) from Debian unstable (main)

Status in “tiff” package in Ubuntu:
  New

Bug description:
  Please sync tiff 4.0.1-8 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * SECURITY UPDATE: arbitrary code execution via size overflow
      - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
        libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
      - CVE-2012-1173
  Fixed in 4.0.1-2.

  Changelog entries since current quantal version 3.9.5-2ubuntu1:

  tiff (4.0.1-8) unstable; urgency=low

    * Call glFlush() in tiffgt to fix display problems. From
      https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/797166.

   -- Jay Berkenbilt <qjb at debian.org> Sat, 16 Jun 2012 21:20:04 -0400

  tiff (4.0.1-7) unstable; urgency=low

    * Add new temporary package libtiff5-alt-dev, which provides libtiff5
      development files in a location that doesn't conflict with
      libtiff4-dev. See README.Debian for details.

   -- Jay Berkenbilt <qjb at debian.org> Thu, 24 May 2012 15:24:36 -0400

  tiff (4.0.1-6) unstable; urgency=low

    * Include pkg-config files

   -- Jay Berkenbilt <qjb at debian.org> Sun, 13 May 2012 12:53:38 -0400

  tiff (4.0.1-5) unstable; urgency=low

    * Fix shlibs again.

   -- Jay Berkenbilt <qjb at debian.org> Sun, 22 Apr 2012 11:41:44 -0400

  tiff (4.0.1-4) unstable; urgency=low

    * Use >= instead of > in shlibs file.

   -- Jay Berkenbilt <qjb at debian.org> Sun, 22 Apr 2012 10:57:02 -0400

  tiff (4.0.1-3) unstable; urgency=low

    * Support JBIG now that patents have expired. (Closes: #667835)
    * Support LZMA.

   -- Jay Berkenbilt <qjb at debian.org> Sat, 14 Apr 2012 19:03:04 -0400

  tiff (4.0.1-2) unstable; urgency=high

    * Incorporated fix to CVE-2012-1173, a problem in the parsing of the
      TileSize entry, which could result in the execution of arbitrary code
      if a malformed image is opened.
    * Updated standards to 3.9.3

   -- Jay Berkenbilt <qjb at debian.org> Fri, 06 Apr 2012 10:10:48 -0400

  tiff (4.0.1-1) unstable; urgency=low

    * New upstream release
    * Point watch file to new download location

   -- Jay Berkenbilt <qjb at debian.org> Mon, 20 Feb 2012 09:43:54 -0500

  tiff (4.0.0-2) experimental; urgency=low

    * Rename libtiff-dev -> libtiff5-dev to avoid premature transition for
      packages that explicitly depend on libtiff-dev. At some future time,
      libtiff5-dev will provide or be renamed back to libtiff-dev.

   -- Jay Berkenbilt <qjb at debian.org> Sat, 04 Feb 2012 09:41:19 -0500

  tiff (4.0.0-1) experimental; urgency=low

    * New upstream release
    * Enable versioned symbols

   -- Jay Berkenbilt <qjb at debian.org> Sat, 28 Jan 2012 10:56:23 -0500

  tiff (4.0.0~beta7-2) experimental; urgency=low

    * Incorporated changes from 3.9.5-2: security hardening and
      multiarch

   -- Jay Berkenbilt <qjb at debian.org> Sat, 17 Sep 2011 10:28:53 -0400

  tiff (4.0.0~beta7-1) experimental; urgency=low

    * New upstream release including many security fixes and other
      improvements
    * Updated changelog with changes from 3.x series.
    * Updated standards version to 3.9.2. No changes required.

   -- Jay Berkenbilt <qjb at debian.org> Sat, 16 Apr 2011 13:45:33 -0400

  tiff (4.0.0~beta6-3) experimental; urgency=low

    * Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
      putcontig8bitYCbCr11tile", from 3.9.4-4.

   -- Jay Berkenbilt <qjb at debian.org> Sat, 02 Oct 2010 13:31:41 -0400

  tiff (4.0.0~beta6-2) experimental; urgency=low

    * Incorporate changes from 3.9.4-{2,3} including updating standards
      version to 3.9.1 along with associated fixes. (CVE-2010-2233 was
      already fixed in this version.)

   -- Jay Berkenbilt <qjb at debian.org> Sat, 14 Aug 2010 16:36:44 -0400

  tiff (4.0.0~beta6-1) experimental; urgency=low

    * New upstream release

   -- Jay Berkenbilt <qjb at debian.org> Fri, 18 Jun 2010 21:42:57 -0400

  tiff (4.0.0~beta5-2) experimental; urgency=low

    * Depend on libjpeg-dev instead of libjpeg62-dev.
    * Change source format to '3.0 (quilt)'
    * Update standards version to 3.8.4. No changes required.

   -- Jay Berkenbilt <qjb at debian.org> Wed, 10 Feb 2010 19:36:43 -0500

  tiff (4.0.0~beta5-1) experimental; urgency=low

    * New upstream release

   -- Jay Berkenbilt <qjb at debian.org> Fri, 06 Nov 2009 22:58:07 -0500

  tiff (4.0.0~beta4-1) experimental; urgency=low

    * New upstream release. All debian patches incorporated among many
      other fixes and enhancements.

   -- Jay Berkenbilt <qjb at debian.org> Fri, 28 Aug 2009 11:30:09 -0400

  tiff (4.0.0~beta3-2) experimental; urgency=low

    * Fixed previously incorrect patch to lzw problem.

   -- Jay Berkenbilt <qjb at debian.org> Mon, 24 Aug 2009 14:45:10 -0400

  tiff (4.0.0~beta3-1) experimental; urgency=low

    * New upstream release. This version is not binary compatible with the
      3.x series, nor is it entirely source compatible, but most
      applications should port easily.

   -- Jay Berkenbilt <qjb at debian.org> Fri, 21 Aug 2009 13:39:37 -0400