lp:ubuntu/hardy-security/tiff
- Get this branch:
- bzr branch lp:ubuntu/hardy-security/tiff
Branch information
Recent revisions
- 24. By Seth Arnold
-
  * SECURITY UPDATE: denial of service and possible code execution via
    PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
    - debian/patches/z_CVE-2012-5581.patch: remove special cases of tags,
      improve DOTRANGE tag case
    - CVE-2012-5581
- 23. By Marc Deslauriers
-
  * SECURITY UPDATE: denial of service and possible code execution via
    PixarLog compression format
    - debian/patches/z_CVE-2012-4447.patch: fix buffer size in
      libtiff/tif_pixarlog.c.
    - CVE-2012-4447
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted PPM image
    - debian/patches/z_CVE-2012-4564.patch: check scanline_size in
      tools/ppm2tiff.c.
    - CVE-2012-4564
- 22. By Marc Deslauriers
-
  * SECURITY UPDATE: possible arbitrary code execution via heap overflow
    in tiff2pdf.
    - debian/patches/z_CVE-2012-3401.patch: properly set t2p->t2p_error in
      tools/tiff2pdf.c.
    - CVE-2012-3401
- 21. By Marc Deslauriers
-
  * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
    due to type-conversion flaw (LP: #1016324)
    - debian/patches/z_CVE-2012-2088.patch: check for overflows in
      libtiff/tif_strip.c and libtiff/tif_tile.c.
    - CVE-2012-2088
  * SECURITY UPDATE: possible arbitrary code execution via integer
    overflows in tiff2pdf (LP: #1016324)
    - debian/patches/z_CVE-2012-2113.patch: check for overflows in
      tools/tiff2pdf.c.
    - CVE-2012-2113
- 19. By Marc Deslauriers
-
  * SECURITY UPDATE: denial of service and possible code execution via
    tiffdump
    - debian/patches/z_CVE-2010-4665.patch: prevent integer overflow in
      tools/tiffdump.c.
    - CVE-2010-4665
  * SECURITY UPDATE: arbitrary code execution via size overflow
    - debian/patches/z_CVE-2012-1173.patch: use TIFFSafeMultiply in
      libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
    - CVE-2012-1173
  * debian/patches/CVE-2010-1411.patch: updated to use actual upstream fix
    and to get TIFFSafeMultiply macro.
- 18. By Marc Deslauriers
-
  * SECURITY UPDATE: arbitrary code execution via crafted
    THUNDER_2BITDELTAS data
    - debian/patches/z_CVE-2011-1167.patch: validate bitspersample and
      make sure npixels is sane in libtiff/tif_thunder.c.
    - CVE-2011-1167
- 17. By Kees Cook
-
  * debian/patches/CVE-2011-0192.patch: update for regression in
    processing of certain CCITTFAX4 files (LP: #731540).
    - http://bugzilla.maptools.org/show_bug.cgi?id=2297
- 16. By Marc Deslauriers
-
  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
    values
    - debian/patches/z_CVE-2010-2595.patch: validate values in
      libtiff/tif_color.c.
    - CVE-2010-2595
  * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
    - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
      libtiff/tif_strip.c.
    - CVE-2010-2597
    - CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
    - debian/patches/z_CVE-2010-2630.patch: correctly handle order in
      libtiff/tif_dirread.c.
    - CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code execution via
    YCBCRSUBSAMPLING tag
    - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
      libtiff/tif_dir.c.
    - CVE-2011-0191
  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in Fax4Decode
    - debian/patches/z_CVE-2011-0192.patch: check length in
      libtiff/tif_fax3.h.
    - CVE-2011-0192
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/tiff