lp:ubuntu/karmic-security/tiff

Created by James Westby on 2010-06-21 and last modified on 2011-03-30
Get this branch:
bzr branch lp:ubuntu/karmic-security/tiff

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

10. By Marc Deslauriers on 2011-03-30

* SECURITY UPDATE: arbitrary code execution via crafted
  THUNDER_2BITDELTAS data
  - debian/patches/CVE-2011-1167.patch: validate bitspersample and
    make sure npixels is sane in libtiff/tif_thunder.c.
  - CVE-2011-1167

9. By Kees Cook on 2011-03-14

* debian/patches/CVE-2011-0192.patch: update for regression in
  processing of certain CCITTFAX4 files (LP: #731540).
  - http://bugzilla.maptools.org/show_bug.cgi?id=2297

8. By Marc Deslauriers on 2011-03-04

* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
  values
  - debian/patches/CVE-2010-2595.patch: validate values in
    libtiff/tif_color.c.
  - CVE-2010-2595
* SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
  - debian/patches/CVE-2010-2597.patch: properly initialize fields in
    libtiff/tif_strip.c.
  - CVE-2010-2597
  - CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
  - debian/patches/CVE-2010-2630.patch: correctly handle order in
    libtiff/tif_dirread.c.
  - CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code execution via
  YCBCRSUBSAMPLING tag
  - debian/patches/CVE-2011-0191.patch: validate td_ycbcrsubsampling in
    libtiff/tif_dir.c.
  - CVE-2011-0191
* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in Fax4Decode
  - debian/patches/CVE-2011-0192.patch: check length in
    libtiff/tif_fax3.h.
  - CVE-2011-0192

7. By Kees Cook on 2010-06-17

* SECURITY UPDATE: arbitrary code execution and crashes via multiple
  integer overflows. Backported upstream fixes:
  - debian/patches/CVE-2010-1411.patch
  - debian/patches/fix-unknown-tags.patch

6. By Jay Berkenbilt <email address hidden> on 2009-07-12

* Apply patches to fix CVE-2009-2347, which covers two integer overflow
  conditions.
* LZW patch from last update addressed CVE-2009-2285. Renamed the patch
  to make this clearer.

5. By Jay Berkenbilt <email address hidden> on 2009-06-28

* Apply patch to fix crash in lzw decoder that can be caused by certain
  invalid image files. (Closes: #534137)
* No longer ignore errors in preinst
* Fixed new lintian warnings; updated standards version to 3.8.2.

4. By Jay Berkenbilt <email address hidden> on 2008-08-17

* Apply security patches (CVE-2008-2327)
* Convert patch system to quilt
* Create README.source
* Set standards version to 3.8.0

3. By Jay Berkenbilt <email address hidden> on 2008-08-17

Apply patches from Drew Yao of Apple Product Security to fix
CVE-2008-2327, a potential buffer underflow in the LZW decoder
(tif_lzw.c).

2. By Jay Berkenbilt on 2005-01-05

* New maintainer (thanks Joy!)
* Applied patch by Dmitry V. Levin to fix a segmentation fault
  [tools/tiffdump.c, CAN-2004-1183]
  Thanks to Martin Schulze for forwarding the patch.
* Fixed section of -dev package (devel -> libdevel)

1. By Fabio Massimo Di Nitto on 2004-10-14

Import upstream version 3.6.1

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/tiff