[Bug 1065637] Re: please Update to 3.9.7 in R

Ubuntu Foundation's Bug Bot 1065637 at bugs.launchpad.net
Fri Oct 12 04:16:55 UTC 2012 

The attachment "3.9.6_to_3.9.7.debdiff" of this bug report has been
identified as being a patch in the form of a debdiff.  The ubuntu-
sponsors team has been subscribed to the bug report so that they can
review and hopefully sponsor the debdiff.  In the event that this is in
fact not a patch you can resolve this situation by removing the tag
'patch' from the bug report and editing the attachment so that it is not
flagged as a patch.  Additionally, if you are member of the ubuntu-
sponsors team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by
Brian Murray.  Please contact him regarding any issues with the action
taken in this bug report.]

** Tags added: patch

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1065637

Title:
  please Update to 3.9.7 in R

Status in “tiff3” package in Ubuntu:
  In Progress

Bug description:
  Please update to 3.9.7 for R.  Note that the 3.x tree is stable,
  there's also a 4.x branch which is unstable.  It's also possible that
  3.9.7 is superseded before R opens, if that happens, I'll redo this.

  Lots of fixes in 3.9.7 and removes the need for several patches:

  2012-09-22  Bob Friesenhahn  <bfriesen at simple.dallas.tx.us>

      * libtiff 3.9.7 released.

      * automake: Update to use GNU automake 1.12.4

  2012-07-19  Tom Lane  <tgl at sss.pgh.pa.us>

      * tools/tiff2pdf.c: Fix two places where t2p_error didn't get set
      after a malloc failure.  No crash risk AFAICS, but the program
      might not report exit code 1 as desired.  h/t mancha at mac.hush.com

  2012-07-18  Tom Lane  <tgl at sss.pgh.pa.us>

      * tools/tiff2pdf.c: Fail when TIFFSetDirectory() fails.  This
      prevents core dumps or perhaps even arbitrary code execution when
      processing a corrupt input file (CVE-2012-3401).

  2012-06-15  Tom Lane  <tgl at sss.pgh.pa.us>

      * libtiff/tif_strip.c, libtiff/tif_tile.c: Back-patch the 4.0
      behavior of treating signed overflow as an error in TIFFVStripSize
      and TIFFVTileSize.  This is needed since the result is declared as
      tsize_t which is signed, and callers are likely to do the wrong
      thing entirely when the returned value is negative (CVE-2012-2088).

      * tools/tiff2pdf.c: Defend against integer overflows while
      calculating required buffer sizes (CVE-2012-2113).

  2012-06-04  Frank Warmerdam  <warmerdam at google.com>

      * libtiff/tif_dirread.c: Avoid trusting samplesperpixel's default
      of 1 for purposes of trimming tags.  This is to get some super
      crappy OJPEG files to work again.  Grr.
      http://bugzilla.maptools.org/show_bug.cgi?id=2348

  2012-06-01  Frank Warmerdam  <warmerdam at google.com>

      * libtiff/tif_dir.c: Avoid generic handling of TIFFTAG_WHITELEVEL.
      http://bugzilla.maptools.org/show_bug.cgi?id=2321

  2012-05-19  Bob Friesenhahn  <bfriesen at simple.dallas.tx.us>

      * man/TIFFGetField.3tiff: Correct the 'count' field type in the
      example for how to retreive the value of unsupported tags.

  2012-03-30  Frank Warmerdam  <warmerdam at google.com>

      * tif_getimage.c: Fix size overflow (zdi-can-1221,CVE-2012-1173)
      care of Tom Lane @ Red Hat.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tiff3/+bug/1065637/+subscriptions

More information about the Ubuntu-sponsors mailing list