lp:ubuntu/edgy/tiff
- Get this branch:
- bzr branch lp:ubuntu/edgy/tiff
Branch information
Recent revisions
- 7. By Jay Berkenbilt <email address hidden>
-
* Add watch file
* Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library. The Common Vulnerabilities and Exposures project
identifies the following issues:
- CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
tif_dirread.c
- CVE-2006-3460: A heap overflow vulnerability was discovered in the
jpeg decoder
- CVE-2006-3461: A heap overflow exists in the PixarLog decoder
- CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
overflow
- CVE-2006-3463: An infinite loop was discovered in
EstimateStripByteCounts( )
- CVE-2006-3464: Multiple unchecked arithmetic operations were
uncovered, including a number of the range checking operations
deisgned to ensure the offsets specified in tiff directories are
legitimate.
- A number of codepaths were uncovered where assertions did not hold
true, resulting in the client application calling abort()
- CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
support - 6. By Jay Berkenbilt <email address hidden>
-
Fix logic error that caused -q flag to be ignored when doing jpeg
compression with tiff2pdf. (Closes: #373102) - 5. By Sebastien Bacher
-
* debian/
patches/ fix_43286_ crasher. patch:
- upstream change, fix a crasher (Ubuntu: #43286) - 4. By Martin Pitt
-
* SECURITY UPDATE: DoS and arbitrary code execution with crafted TIFF files.
* Add debian/patches/ 3.8.1-security- fixes.patch: Backported security
relevant fixes from stable 3.8.1 release:
- libtiff/tif_dirread. c: Fix error reporting in TIFFFetchAnyArray()
(%d in format string without corresponding integer argument).
[CVE-2006-2024]
- libtiff/{tif_pixarlog. c, tif_fax3.c, tif_zip.c}: Properly
restore setfield/getfield methods in cleanup functions to avoid crash on
invalid files. [CVE-2006-2024]
- libtiff/{tif_predict. c, tif_predict.h}: Added new function
TIFFPredictorCleanup( ) to restore parent decode/encode/field methods.
[CVE-2006-2024]
- libtiff/tif_dirread. c: Check for integer overflow in TIFFFetchData().
[CVE-2006-2025]
- libtiff/tif_jpeg.c: Properly restore setfield/getfield methods in
cleanup functions to avoid double free(). [CVE-2006-2026]
- libtiff/tif_color. c: Check for out-of-bounds values in TIFFXYZToRGB().
[CVE-2006-2120]
* See http://bugzilla. remotesensing. org/show_ bug.cgi? id=1102 for reproducer
images. - 3. By Martin Pitt
-
* Synchronize to Debian.
* Only change left: xlibmesa-gl-dev -> libgl1-mesa-dev build dependency
change. - 2. By Jay Berkenbilt
-
* New maintainer (thanks Joy!)
* Applied patch by Dmitry V. Levin to fix a segmentation fault
[tools/tiffdump. c, CAN-2004-1183]
Thanks to Martin Schulze for forwarding the patch.
* Fixed section of -dev package (devel -> libdevel)
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/tiff