Ubuntu
tiff package

lp:ubuntu/edgy/tiff

  1. Edgy (6.10)
  2. edgy
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/edgy/tiff
Members of Ubuntu branches can upload to this branch. Log in for directions.

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

7. By Jay Berkenbilt <email address hidden>

* Add watch file
* Tavis Ormandy of the Google Security Team discovered several problems
  in the TIFF library. The Common Vulnerabilities and Exposures project
  identifies the following issues:
   - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
     tif_dirread.c
   - CVE-2006-3460: A heap overflow vulnerability was discovered in the
     jpeg decoder
   - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
   - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
     overflow
   - CVE-2006-3463: An infinite loop was discovered in
     EstimateStripByteCounts()
   - CVE-2006-3464: Multiple unchecked arithmetic operations were
     uncovered, including a number of the range checking operations
     deisgned to ensure the offsets specified in tiff directories are
     legitimate.
   - A number of codepaths were uncovered where assertions did not hold
     true, resulting in the client application calling abort()
   - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
     support

6. By Jay Berkenbilt <email address hidden>

Fix logic error that caused -q flag to be ignored when doing jpeg
compression with tiff2pdf. (Closes: #373102)

5. By Sebastien Bacher

* debian/patches/fix_43286_crasher.patch:
  - upstream change, fix a crasher (Ubuntu: #43286)

4. By Martin Pitt

* SECURITY UPDATE: DoS and arbitrary code execution with crafted TIFF files.
* Add debian/patches/3.8.1-security-fixes.patch: Backported security
  relevant fixes from stable 3.8.1 release:
  - libtiff/tif_dirread.c: Fix error reporting in TIFFFetchAnyArray()
    (%d in format string without corresponding integer argument).
    [CVE-2006-2024]
  - libtiff/{tif_pixarlog.c, tif_fax3.c, tif_zip.c}: Properly
    restore setfield/getfield methods in cleanup functions to avoid crash on
    invalid files. [CVE-2006-2024]
  - libtiff/{tif_predict.c, tif_predict.h}: Added new function
    TIFFPredictorCleanup() to restore parent decode/encode/field methods.
    [CVE-2006-2024]
  - libtiff/tif_dirread.c: Check for integer overflow in TIFFFetchData().
    [CVE-2006-2025]
  - libtiff/tif_jpeg.c: Properly restore setfield/getfield methods in
    cleanup functions to avoid double free(). [CVE-2006-2026]
  - libtiff/tif_color.c: Check for out-of-bounds values in TIFFXYZToRGB().
    [CVE-2006-2120]
* See http://bugzilla.remotesensing.org/show_bug.cgi?id=1102 for reproducer
  images.

3. By Martin Pitt

* Synchronize to Debian.
* Only change left: xlibmesa-gl-dev -> libgl1-mesa-dev build dependency
  change.

2. By Jay Berkenbilt

* New maintainer (thanks Joy!)
* Applied patch by Dmitry V. Levin to fix a segmentation fault
  [tools/tiffdump.c, CAN-2004-1183]
  Thanks to Martin Schulze for forwarding the patch.
* Fixed section of -dev package (devel -> libdevel)

1. By Fabio Massimo Di Nitto

Import upstream version 3.6.1

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/lucid/tiff
This branch contains Public information 
Everyone can see this information.

Subscribers