lp:ubuntu/oneiric/tiff
- Get this branch:
- bzr branch lp:ubuntu/oneiric/tiff
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 22. By Marc Deslauriers
-
* Merge from debian unstable. Remaining changes:
- Enable multiarch build
- debian/control: update depends for multiarch toolchain
- debian/*.install: update /usr/lib paths
- debian/rules:
- add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
- update library path for .la files
- debian/{control, rules}: enable PIE build for security hardening
* Dropped patches:
- CVE-2010-2482.patch: upstream
- CVE-2010-2595.patch: upstream
- CVE-2010-2597.patch: upstream
- CVE-2010-2630.patch: upstream
- CVE-2011-0192.patch: upstream
- CVE-2011-1167.patch: upstream
- CVE-2009-5022.patch: upstream - 21. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via malformed JPEG
- debian/patches/ CVE-2009- 5022.patch: check width in
libtiff/tif_ojpeg. c.
- CVE-2009-5022 - 20. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via crafted
THUNDER_2BITDELTAS data
- debian/patches/ CVE-2011- 1167.patch: validate bitspersample and
make sure npixels is sane in libtiff/tif_thunder. c.
- CVE-2011-1167 - 19. By Kees Cook
-
* Enable multiarch build (LP: #733501)
- debian/control: update depends for multiarch toolchain
- debian/*.install: update /usr/lib paths
- debian/rules:
- add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
- update library path for .la files - 18. By Kees Cook
-
* debian/
patches/ CVE-2011- 0192.patch: update for regression in
processing of certain CCITTFAX4 files (LP: #731540).
- http://bugzilla. maptools. org/show_ bug.cgi? id=2297 - 17. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via invalid td_stripbytecount field
(LP: #597246)
- debian/patches/ CVE-2010- 2482.patch: look for missing strip byte
counts in libtiff/tif_ojpeg. c, tools/tiffsplit.c.
- CVE-2010-2482
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/ CVE-2010- 2595.patch: validate values in
libtiff/tif_color. c.
- CVE-2010-2595
* SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
- debian/patches/ CVE-2010- 2597.patch: properly initialize fields in
libtiff/tif_strip. c.
- CVE-2010-2597
- CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/ CVE-2010- 2630.patch: correctly handle order in
libtiff/tif_dirread. c.
- CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/ CVE-2011- 0192.patch: check length in
libtiff/tif_fax3. h.
- CVE-2011-0192 - 15. By Jay Berkenbilt <email address hidden>
-
Incorporated fix to CVE-2010-3087, a potential denial of service
exploitable with a specially crafted TIFF file. (Closes: #600188) - 14. By Jay Berkenbilt <email address hidden>
-
Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
putcontig8bitYCbCr11tile" . (Closes: #595064) - 13. By Jay Berkenbilt <email address hidden>
-
Incorporated patch to fix CVE-2010-2233, which fixes a specific
failure of tif_getimage on 64-bit platforms.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/tiff