Ubuntu
tiff package

lp:ubuntu/oneiric-security/tiff

  1. Oneiric (11.10)
  2. oneiric-security
Created by Ubuntu Package Importer and last modified
Get this branch:
bzr branch lp:ubuntu/oneiric-security/tiff
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

27. By Seth Arnold

* SECURITY UPDATE: denial of service and possible code execution via
  PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
  - debian/patches/CVE-2012-5581.patch: remove special cases of tags,
    improve DOTRANGE tag case
  - CVE-2012-5581

26. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  PixarLog compression format
  - debian/patches/CVE-2012-4447.patch: fix buffer size in
    libtiff/tif_pixarlog.c.
  - CVE-2012-4447
* SECURITY UPDATE: denial of service and possible code execution via
  crafted PPM image
  - debian/patches/CVE-2012-4564.patch: check scanline_size in
    tools/ppm2tiff.c.
  - CVE-2012-4564

25. By Marc Deslauriers

* SECURITY UPDATE: possible arbitrary code execution via heap overflow
  in tiff2pdf.
  - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
    tools/tiff2pdf.c.
  - CVE-2012-3401

24. By Marc Deslauriers

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  due to type-conversion flaw (LP: #1016324)
  - debian/patches/CVE-2012-2088.patch: check for overflows in
    libtiff/tif_strip.c and libtiff/tif_tile.c.
  - CVE-2012-2088
* SECURITY UPDATE: possible arbitrary code execution via integer
  overflows in tiff2pdf (LP: #1016324)
  - debian/patches/CVE-2012-2113.patch: check for overflows in
    tools/tiff2pdf.c.
  - CVE-2012-2113

23. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via size overflow
  - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
    libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
  - CVE-2012-1173

22. By Marc Deslauriers

* Merge from debian unstable. Remaining changes:
  - Enable multiarch build
    - debian/control: update depends for multiarch toolchain
    - debian/*.install: update /usr/lib paths
    - debian/rules:
      - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
      - update library path for .la files
  - debian/{control,rules}: enable PIE build for security hardening
* Dropped patches:
  - CVE-2010-2482.patch: upstream
  - CVE-2010-2595.patch: upstream
  - CVE-2010-2597.patch: upstream
  - CVE-2010-2630.patch: upstream
  - CVE-2011-0192.patch: upstream
  - CVE-2011-1167.patch: upstream
  - CVE-2009-5022.patch: upstream

21. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via malformed JPEG
  - debian/patches/CVE-2009-5022.patch: check width in
    libtiff/tif_ojpeg.c.
  - CVE-2009-5022

20. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via crafted
  THUNDER_2BITDELTAS data
  - debian/patches/CVE-2011-1167.patch: validate bitspersample and
    make sure npixels is sane in libtiff/tif_thunder.c.
  - CVE-2011-1167

19. By Kees Cook

* Enable multiarch build (LP: #733501)
  - debian/control: update depends for multiarch toolchain
  - debian/*.install: update /usr/lib paths
  - debian/rules:
    - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
    - update library path for .la files

18. By Kees Cook

* debian/patches/CVE-2011-0192.patch: update for regression in
  processing of certain CCITTFAX4 files (LP: #731540).
  - http://bugzilla.maptools.org/show_bug.cgi?id=2297

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/tiff
This branch contains Public information 
Everyone can see this information.

Subscribers