[Bug 1065637] Re: please Update to 3.9.7 in R

Matt Fischer 1065637 at bugs.launchpad.net
Wed Nov 7 20:16:17 UTC 2012 

I just noticed the 300k diff, ouch.  Anyway, all the files are posted
here:

http://people.canonical.com/~mfisch/tiff3/

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1065637

Title:
  please Update to 3.9.7 in R

Status in “tiff3” package in Ubuntu:
  In Progress

Bug description:
  Please update to 3.9.7 for R.  Note that the 3.x tree is stable,
  there's also a 4.x branch which is unstable.  It's also possible that
  3.9.7 is superseded before R opens, if that happens, I'll redo this.

  Lots of fixes in 3.9.7 and removes the need for several patches:

  2012-09-22  Bob Friesenhahn  <bfriesen at simple.dallas.tx.us>

      * libtiff 3.9.7 released.

      * automake: Update to use GNU automake 1.12.4

  2012-07-19  Tom Lane  <tgl at sss.pgh.pa.us>

      * tools/tiff2pdf.c: Fix two places where t2p_error didn't get set
      after a malloc failure.  No crash risk AFAICS, but the program
      might not report exit code 1 as desired.  h/t mancha at mac.hush.com

  2012-07-18  Tom Lane  <tgl at sss.pgh.pa.us>

      * tools/tiff2pdf.c: Fail when TIFFSetDirectory() fails.  This
      prevents core dumps or perhaps even arbitrary code execution when
      processing a corrupt input file (CVE-2012-3401).

  2012-06-15  Tom Lane  <tgl at sss.pgh.pa.us>

      * libtiff/tif_strip.c, libtiff/tif_tile.c: Back-patch the 4.0
      behavior of treating signed overflow as an error in TIFFVStripSize
      and TIFFVTileSize.  This is needed since the result is declared as
      tsize_t which is signed, and callers are likely to do the wrong
      thing entirely when the returned value is negative (CVE-2012-2088).

      * tools/tiff2pdf.c: Defend against integer overflows while
      calculating required buffer sizes (CVE-2012-2113).

  2012-06-04  Frank Warmerdam  <warmerdam at google.com>

      * libtiff/tif_dirread.c: Avoid trusting samplesperpixel's default
      of 1 for purposes of trimming tags.  This is to get some super
      crappy OJPEG files to work again.  Grr.
      http://bugzilla.maptools.org/show_bug.cgi?id=2348

  2012-06-01  Frank Warmerdam  <warmerdam at google.com>

      * libtiff/tif_dir.c: Avoid generic handling of TIFFTAG_WHITELEVEL.
      http://bugzilla.maptools.org/show_bug.cgi?id=2321

  2012-05-19  Bob Friesenhahn  <bfriesen at simple.dallas.tx.us>

      * man/TIFFGetField.3tiff: Correct the 'count' field type in the
      example for how to retreive the value of unsupported tags.

  2012-03-30  Frank Warmerdam  <warmerdam at google.com>

      * tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173)
      care of Tom Lane @ Red Hat.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tiff3/+bug/1065637/+subscriptions

More information about the Ubuntu-sponsors mailing list