[Bug 1333429] Re: Sync tiff 4.0.3-9 (main) from Debian unstable (main)
Daniel Holbach
daniel.holbach at ubuntu.com
Tue Jun 24 06:19:21 UTC 2014
This bug was fixed in the package tiff - 4.0.3-9
Sponsored for Artur Rona (ari-tczew)
---------------
tiff (4.0.3-9) unstable; urgency=medium
* Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat. (Closes:
#742917)
-- Jay Berkenbilt <qjb at debian.org> Sat, 21 Jun 2014 18:12:40 -0400
** Changed in: tiff (Ubuntu)
Status: New => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2013-4243
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1333429
Title:
Sync tiff 4.0.3-9 (main) from Debian unstable (main)
Status in “tiff” package in Ubuntu:
Fix Released
Bug description:
Please sync tiff 4.0.3-9 (main) from Debian unstable (main)
Explanation of the Ubuntu delta and why it can be dropped:
* SECURITY UPDATE: denial of service and possible code execution in
gif2tiff tool
- debian/patches/CVE-2013-4243.patch: check width and height in
tools/gif2tiff.c.
- CVE-2013-4243
Debian has merged Ubuntu changes.
Changelog entries since current utopic version 4.0.3-8ubuntu1:
tiff (4.0.3-9) unstable; urgency=medium
* Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat. (Closes:
#742917)
-- Jay Berkenbilt <qjb at debian.org> Sat, 21 Jun 2014 18:12:40 -0400
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1333429/+subscriptions
More information about the Ubuntu-sponsors
mailing list