Ubuntu
tiff package

lp:ubuntu/oneiric/tiff

  1. Oneiric (11.10)
  2. oneiric
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric/tiff
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Status:
Mature

Recent revisions

22. By Marc Deslauriers

* Merge from debian unstable. Remaining changes:
  - Enable multiarch build
    - debian/control: update depends for multiarch toolchain
    - debian/*.install: update /usr/lib paths
    - debian/rules:
      - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
      - update library path for .la files
  - debian/{control,rules}: enable PIE build for security hardening
* Dropped patches:
  - CVE-2010-2482.patch: upstream
  - CVE-2010-2595.patch: upstream
  - CVE-2010-2597.patch: upstream
  - CVE-2010-2630.patch: upstream
  - CVE-2011-0192.patch: upstream
  - CVE-2011-1167.patch: upstream
  - CVE-2009-5022.patch: upstream

21. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via malformed JPEG
  - debian/patches/CVE-2009-5022.patch: check width in
    libtiff/tif_ojpeg.c.
  - CVE-2009-5022

20. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via crafted
  THUNDER_2BITDELTAS data
  - debian/patches/CVE-2011-1167.patch: validate bitspersample and
    make sure npixels is sane in libtiff/tif_thunder.c.
  - CVE-2011-1167

19. By Kees Cook

* Enable multiarch build (LP: #733501)
  - debian/control: update depends for multiarch toolchain
  - debian/*.install: update /usr/lib paths
  - debian/rules:
    - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
    - update library path for .la files

18. By Kees Cook

* debian/patches/CVE-2011-0192.patch: update for regression in
  processing of certain CCITTFAX4 files (LP: #731540).
  - http://bugzilla.maptools.org/show_bug.cgi?id=2297

17. By Marc Deslauriers

* SECURITY UPDATE: denial of service via invalid td_stripbytecount field
  (LP: #597246)
  - debian/patches/CVE-2010-2482.patch: look for missing strip byte
    counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
  - CVE-2010-2482
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
  values
  - debian/patches/CVE-2010-2595.patch: validate values in
    libtiff/tif_color.c.
  - CVE-2010-2595
* SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
  - debian/patches/CVE-2010-2597.patch: properly initialize fields in
    libtiff/tif_strip.c.
  - CVE-2010-2597
  - CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
  - debian/patches/CVE-2010-2630.patch: correctly handle order in
    libtiff/tif_dirread.c.
  - CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in Fax4Decode
  - debian/patches/CVE-2011-0192.patch: check length in
    libtiff/tif_fax3.h.
  - CVE-2011-0192

16. By Kees Cook

debian/{control,rules}: enable PIE build for security hardening
(Closes: #613759).

15. By Jay Berkenbilt <email address hidden>

Incorporated fix to CVE-2010-3087, a potential denial of service
exploitable with a specially crafted TIFF file. (Closes: #600188)

14. By Jay Berkenbilt <email address hidden>

Incorporated fix to CVE-2010-2483, "fix crash on OOB reads in
putcontig8bitYCbCr11tile". (Closes: #595064)

13. By Jay Berkenbilt <email address hidden>

Incorporated patch to fix CVE-2010-2233, which fixes a specific
failure of tif_getimage on 64-bit platforms.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/tiff
This branch contains Public information 
Everyone can see this information.

Subscribers