lp:ubuntu/dapper-security/tiff

Created by James Westby on 2009-06-27 and last modified on 2011-03-30
Get this branch:
bzr branch lp:ubuntu/dapper-security/tiff

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

14. By Marc Deslauriers on 2011-03-30

* SECURITY UPDATE: arbitrary code execution via crafted
  THUNDER_2BITDELTAS data
  - debian/patches/z_CVE-2011-1167.patch: validate bitspersample and
    make sure npixels is sane in libtiff/tif_thunder.c.
  - CVE-2011-1167

13. By Kees Cook on 2011-03-14

* debian/patches/CVE-2011-0192.patch: update for regression in
  processing of certain CCITTFAX4 files (LP: #731540).
  - http://bugzilla.maptools.org/show_bug.cgi?id=2297

12. By Marc Deslauriers on 2011-03-04

* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
  values
  - debian/patches/z_CVE-2010-2595.patch: validate values in
    libtiff/tif_color.c.
  - CVE-2010-2595
* SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
  - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
    libtiff/tif_strip.c.
  - CVE-2010-2597
  - CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
  - debian/patches/z_CVE-2010-2630.patch: correctly handle order in
    libtiff/tif_dirread.c.
  - CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code execution via
  YCBCRSUBSAMPLING tag
  - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
    libtiff/tif_dir.c.
  - CVE-2011-0191
* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in Fax4Decode
  - debian/patches/z_CVE-2011-0192.patch: check length in
    libtiff/tif_fax3.h.
  - CVE-2011-0192

11. By Kees Cook on 2010-06-17

* SECURITY UPDATE: arbitrary code execution and crashes via multiple
  integer overflows. Backported upstream fixes:
  - debian/patches/CVE-2010-1411.patch
  - debian/patches/fix-unknown-tags.patch

10. By Marc Deslauriers on 2009-07-13

* SECURITY UPDATE: arbitrary code execution via integer overflows in
  tiff2rgba and rgb2ycbcr
  - debian/patches/CVE-2009-2347.patch: check for integer overflows in
    tools/rgb2ycbcr.c and tools/tiff2rgba.c.
  - CVE-2009-2347

9. By Marc Deslauriers on 2009-07-03

* SECURITY UPDATE: denial of service via buffer underflow in the
  LZWDecodeCompat function (LP: #380149)
  - debian/patches/CVE-2009-2285.patch: abort if code is bigger than
    CODE_CLEAR in libtiff/tif_lzw.c.
  - CVE-2009-2285

8. By Kees Cook on 2008-08-29

* SECURITY UPDATE: arbitrary code execution via LZW overflow.
* Add debian/patches/CVE-2008-2327.patch: thanks to Jay Berkenbilt.

7. By Martin Pitt on 2006-08-02

* SECURITY UPDATE: Arbitrary code execution with crafted TIFF files, found
  by Tavis Ormandy of the Google Security Team.
* Add debian/patches/CVE-2006-3459-3465.patch:
  - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
    tif_dirread.c
  - CVE-2006-3460: A heap overflow vulnerability was discovered in the
    jpeg decoder
  - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
  - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
    overflow
  - CVE-2006-3463: An infinite loop was discovered in
    EstimateStripByteCounts()
  - CVE-2006-3464: Multiple unchecked arithmetic operations were
    uncovered, including a number of the range checking operations
    designed to ensure the offsets specified in tiff directories are
    legitimate.
  - A number of codepaths were uncovered where assertions did not hold
    true, resulting in the client application calling abort()
  - CVE-2006-3465: A flaw was also uncovered in libtiff's custom tag
    support

6. By Martin Pitt on 2006-06-02

* SECURITY UPDATE: Arbitrary command execution with crafted long file names.
* Add debian/patches/tiffsplit-fname-overflow.patch:
  - tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
    user-specified file name into a statically sized buffer.
  - CVE-2006-2656
* Add debian/patches/tiff2pdf-octal-printf.patch:
  - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
    signed char (it printed a signed integer, which overflowed the buffer and
    was wrong anyway).

5. By Sebastien Bacher on 2006-05-07

* debian/patches/fix_43286_crasher.patch:
  - upstream change, fix a crasher (Ubuntu: #43286)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/tiff