lp:ubuntu/hardy-updates/tiff

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

24. By Seth Arnold on 2012-12-03

* SECURITY UPDATE: denial of service and possible code execution via
  PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
  - debian/patches/z_CVE-2012-5581.patch: remove special cases of tags,
    improve DOTRANGE tag case
  - CVE-2012-5581

23. By Marc Deslauriers on 2012-11-14

* SECURITY UPDATE: denial of service and possible code execution via
  PixarLog compression format
  - debian/patches/z_CVE-2012-4447.patch: fix buffer size in
    libtiff/tif_pixarlog.c.
  - CVE-2012-4447
* SECURITY UPDATE: denial of service and possible code execution via
  crafted PPM image
  - debian/patches/z_CVE-2012-4564.patch: check scanline_size in
    tools/ppm2tiff.c.
  - CVE-2012-4564

22. By Marc Deslauriers on 2012-07-16

* SECURITY UPDATE: possible arbitrary code execution via heap overflow
  in tiff2pdf.
  - debian/patches/z_CVE-2012-3401.patch: properly set t2p->t2p_error in
    tools/tiff2pdf.c.
  - CVE-2012-3401

21. By Marc Deslauriers on 2012-07-04

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  due to type-conversion flaw (LP: #1016324)
  - debian/patches/z_CVE-2012-2088.patch: check for overflows in
    libtiff/tif_strip.c and libtiff/tif_tile.c.
  - CVE-2012-2088
* SECURITY UPDATE: possible arbitrary code execution via integer
  overflows in tiff2pdf (LP: #1016324)
  - debian/patches/z_CVE-2012-2113.patch: check for overflows in
    tools/tiff2pdf.c.
  - CVE-2012-2113

20. By Marc Deslauriers on 2012-04-05

No-change rebuild to get lpia package.

19. By Marc Deslauriers on 2012-04-02

* SECURITY UPDATE: denial of service and possible code execution via
  tiffdump
  - debian/patches/z_CVE-2010-4665.patch: prevent integer overflow in
    tools/tiffdump.c.
  - CVE-2010-4665
* SECURITY UPDATE: arbitrary code execution via size overflow
  - debian/patches/z_CVE-2012-1173.patch: use TIFFSafeMultiply in
    libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
  - CVE-2012-1173
* debian/patches/CVE-2010-1411.patch: updated to use actual upstream fix
  and to get TIFFSafeMultiply macro.

18. By Marc Deslauriers on 2011-03-30

* SECURITY UPDATE: arbitrary code execution via crafted
  THUNDER_2BITDELTAS data
  - debian/patches/z_CVE-2011-1167.patch: validate bitspersample and
    make sure npixels is sane in libtiff/tif_thunder.c.
  - CVE-2011-1167

17. By Kees Cook on 2011-03-14

* debian/patches/CVE-2011-0192.patch: update for regression in
  processing of certain CCITTFAX4 files (LP: #731540).
  - http://bugzilla.maptools.org/show_bug.cgi?id=2297

16. By Marc Deslauriers on 2011-03-04

* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
  values
  - debian/patches/z_CVE-2010-2595.patch: validate values in
    libtiff/tif_color.c.
  - CVE-2010-2595
* SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
  - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
    libtiff/tif_strip.c.
  - CVE-2010-2597
  - CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
  - debian/patches/z_CVE-2010-2630.patch: correctly handle order in
    libtiff/tif_dirread.c.
  - CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code exection via
  YCBCRSUBSAMPLING tag
  - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
    libtiff/tif_dir.c.
  - CVE-2011-0191
* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in Fax4Decode
  - debian/patches/z_CVE-2011-0192.patch: check length in
    libtiff/tif_fax3.h.
  - CVE-2011-0192

15. By Kees Cook on 2010-06-17

* SECURITY UPDATE: arbitrary code execution and crashes via multiple
  integer overflows. Backported upstream fixes:
  - debian/patches/CVE-2010-1411.patch
  - debian/patches/fix-unknown-tags.patch