lp:ubuntu/oneiric-updates/tiff
- Get this branch:
- bzr branch lp:ubuntu/oneiric-updates/tiff
Branch merges
Branch information
Recent revisions
- 27. By Seth Arnold
-
* SECURITY UPDATE: denial of service and possible code execution via
PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
- debian/patches/ CVE-2012- 5581.patch: remove special cases of tags,
improve DOTRANGE tag case
- CVE-2012-5581 - 26. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
PixarLog compression format
- debian/patches/ CVE-2012- 4447.patch: fix buffer size in
libtiff/tif_pixarlog. c.
- CVE-2012-4447
* SECURITY UPDATE: denial of service and possible code execution via
crafted PPM image
- debian/patches/ CVE-2012- 4564.patch: check scanline_size in
tools/ppm2tiff. c.
- CVE-2012-4564 - 25. By Marc Deslauriers
-
* SECURITY UPDATE: possible arbitrary code execution via heap overflow
in tiff2pdf.
- debian/patches/ CVE-2012- 3401.patch: properly set t2p->t2p_error in
tools/tiff2pdf. c.
- CVE-2012-3401 - 24. By Marc Deslauriers
-
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
due to type-conversion flaw (LP: #1016324)
- debian/patches/ CVE-2012- 2088.patch: check for overflows in
libtiff/tif_strip. c and libtiff/tif_tile.c.
- CVE-2012-2088
* SECURITY UPDATE: possible arbitrary code execution via integer
overflows in tiff2pdf (LP: #1016324)
- debian/patches/ CVE-2012- 2113.patch: check for overflows in
tools/tiff2pdf. c.
- CVE-2012-2113 - 23. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via size overflow
- debian/patches/ CVE-2012- 1173.patch: use TIFFSafeMultiply in
libtiff/tif_getimage. c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
- CVE-2012-1173 - 22. By Marc Deslauriers
-
* Merge from debian unstable. Remaining changes:
- Enable multiarch build
- debian/control: update depends for multiarch toolchain
- debian/*.install: update /usr/lib paths
- debian/rules:
- add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
- update library path for .la files
- debian/{control, rules}: enable PIE build for security hardening
* Dropped patches:
- CVE-2010-2482.patch: upstream
- CVE-2010-2595.patch: upstream
- CVE-2010-2597.patch: upstream
- CVE-2010-2630.patch: upstream
- CVE-2011-0192.patch: upstream
- CVE-2011-1167.patch: upstream
- CVE-2009-5022.patch: upstream - 21. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via malformed JPEG
- debian/patches/ CVE-2009- 5022.patch: check width in
libtiff/tif_ojpeg. c.
- CVE-2009-5022 - 20. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via crafted
THUNDER_2BITDELTAS data
- debian/patches/ CVE-2011- 1167.patch: validate bitspersample and
make sure npixels is sane in libtiff/tif_thunder. c.
- CVE-2011-1167 - 19. By Kees Cook
-
* Enable multiarch build (LP: #733501)
- debian/control: update depends for multiarch toolchain
- debian/*.install: update /usr/lib paths
- debian/rules:
- add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
- update library path for .la files - 18. By Kees Cook
-
* debian/
patches/ CVE-2011- 0192.patch: update for regression in
processing of certain CCITTFAX4 files (LP: #731540).
- http://bugzilla. maptools. org/show_ bug.cgi? id=2297
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/tiff