Branches for Edgy

Author: Jay Berkenbilt
Revision Date: 2006-07-31 18:14:59 UTC

* Add watch file
* Tavis Ormandy of the Google Security Team discovered several problems
  in the TIFF library. The Common Vulnerabilities and Exposures project
  identifies the following issues:
   - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
     tif_dirread.c
   - CVE-2006-3460: A heap overflow vulnerability was discovered in the
     jpeg decoder
   - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
   - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
     overflow
   - CVE-2006-3463: An infinite loop was discovered in
     EstimateStripByteCounts()
   - CVE-2006-3464: Multiple unchecked arithmetic operations were
     uncovered, including a number of the range checking operations
     deisgned to ensure the offsets specified in tiff directories are
     legitimate.
   - A number of codepaths were uncovered where assertions did not hold
     true, resulting in the client application calling abort()
   - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
     support