lp:ubuntu/dapper-updates/tiff
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/tiff
Branch merges
Branch information
Recent revisions
- 14. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via crafted
THUNDER_2BITDELTAS data
- debian/patches/ z_CVE-2011- 1167.patch: validate bitspersample and
make sure npixels is sane in libtiff/tif_thunder. c.
- CVE-2011-1167 - 13. By Kees Cook
-
* debian/
patches/ CVE-2011- 0192.patch: update for regression in
processing of certain CCITTFAX4 files (LP: #731540).
- http://bugzilla. maptools. org/show_ bug.cgi? id=2297 - 12. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/ z_CVE-2010- 2595.patch: validate values in
libtiff/tif_color. c.
- CVE-2010-2595
* SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
- debian/patches/ z_CVE-2010- 2597.patch: properly initialize fields in
libtiff/tif_strip. c.
- CVE-2010-2597
- CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/ z_CVE-2010- 2630.patch: correctly handle order in
libtiff/tif_dirread. c.
- CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code exection via
YCBCRSUBSAMPLING tag
- debian/patches/ z_CVE-2011- 0191.patch: validate td_ycbcrsubsampling in
libtiff/tif_dir. c.
- CVE-2011-0191
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/ z_CVE-2011- 0192.patch: check length in
libtiff/tif_fax3. h.
- CVE-2011-0192 - 11. By Kees Cook
-
* SECURITY UPDATE: arbitrary code execution and crashes via multiple
integer overflows. Backported upstream fixes:
- debian/patches/ CVE-2010- 1411.patch
- debian/patches/ fix-unknown- tags.patch - 10. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via integer overflows in
tiff2rgba and rgb2ycbcr
- debian/patches/ CVE-2009- 2347.patch: check for integer overflows in
tools/rgb2ycbcr. c and tools/tiff2rgba.c.
- CVE-2009-2347 - 9. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via buffer underflow in the
LZWDecodeCompat function (LP: #380149)
- debian/patches/ CVE-2009- 2285.patch: abort if code is bigger than
CODE_CLEAR in libtiff/tif_lzw.c.
- CVE-2009-2285 - 8. By Kees Cook
-
* SECURITY UPDATE: arbitrary code execution via LZW overflow.
* Add debian/patches/ CVE-2008- 2327.patch: thanks to Jay Berkenbilt. - 7. By Martin Pitt
-
* SECURITY UPDATE: Arbitrary code execution with crafted TIFF files, found
by Tavis Ormandy of the Google Security Team.
* Add debian/patches/ CVE-2006- 3459-3465. patch:
- CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
tif_dirread.c
- CVE-2006-3460: A heap overflow vulnerability was discovered in the
jpeg decoder
- CVE-2006-3461: A heap overflow exists in the PixarLog decoder
- CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
overflow
- CVE-2006-3463: An infinite loop was discovered in
EstimateStripByteCounts( )
- CVE-2006-3464: Multiple unchecked arithmetic operations were
uncovered, including a number of the range checking operations
deisgned to ensure the offsets specified in tiff directories are
legitimate.
- A number of codepaths were uncovered where assertions did not hold
true, resulting in the client application calling abort()
- CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
support - 6. By Martin Pitt
-
* SECURITY UPDATE: Arbitrary command execution with crafted long file names.
* Add debian/patches/ tiffsplit- fname-overflow. patch:
- tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
user-specified file name into a statically sized buffer.
- CVE-2006-2656
* Add debian/patches/ tiff2pdf- octal-printf. patch:
- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
signed char (it printed a signed integer, which overflew the buffer and
was wrong anyway). - 5. By Sebastien Bacher
-
* debian/
patches/ fix_43286_ crasher. patch:
- upstream change, fix a crasher (Ubuntu: #43286)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/tiff