lp:ubuntu/precise-updates/tiff
- Get this branch:
- bzr branch lp:ubuntu/precise-updates/tiff
Recent revisions
- 32. By Marc Deslauriers
-
* SECURITY REGRESSION: regression when saving TIFF files with compression
predictor (LP: #1439186)
- debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
fix is available.
- 31. By Marc Deslauriers
-
* SECURITY UPDATE: Fix multiple security issues
- debian/patches/CVE-2014-81xx-1.patch to CVE-2014-81xx-11.patch
- debian/patches/CVE-2014-8128-5.patch
- debian/patches/CVE-2014-9655-1.patch to CVE-2014-9655-3.patch
- debian/patches/read_overrun.patch
- debian/patches/CVE-2014-8130.patch
- CVE-2014-8127 (partially)
- CVE-2014-8128
- CVE-2014-8129
- CVE-2014-8130
- CVE-2014-9330
- CVE-2014-9655
- 30. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
- debian/patches/CVE-2013-4231.patch: validate datasize in
tools/gif2tiff.c.
- CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
- debian/patches/CVE-2013-4232.patch: properly exit on error in
tools/tiff2pdf.c.
- CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
gif2tiff tool
- debian/patches/CVE-2013-4243.patch: check width and height in
tools/gif2tiff.c.
- CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
gif2tiff tool LZW decompressor
- debian/patches/CVE-2013-4244.patch: validate code size in
tools/gif2tiff.c.
- CVE-2013-4244
- 29. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via heap
overflow in tp_process_jpeg_strip().
- debian/patches/CVE-2013-1960.patch: improve tp_process_jpeg_strip()
logic in tools/tiff2pdf.c.
- CVE-2013-1960
* SECURITY UPDATE: denial of service via stack overflow with malformed
image-length and resolution.
- debian/patches/CVE-2013-1961.patch: replace use of sprintf() with
snprintf() in contrib/dbs/xtiff/xtiff.c, libtiff/tif_codec.c,
libtiff/tif_dirinfo.c, tools/rgb2ycbcr.c, tools/tiff2bw.c,
tools/tiff2pdf.c, tools/tiff2ps.c, tools/tiffcrop.c,
tools/tiffdither.c.
- CVE-2013-1961
- 28. By Seth Arnold
-
* SECURITY UPDATE: denial of service and possible code execution via
PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
- debian/patches/CVE-2012-5581.patch: remove special cases of tags,
improve DOTRANGE tag case
- CVE-2012-5581
- 27. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
PixarLog compression format
- debian/patches/CVE-2012-4447.patch: fix buffer size in
libtiff/tif_pixarlog.c.
- CVE-2012-4447
* SECURITY UPDATE: denial of service and possible code execution via
crafted PPM image
- debian/patches/CVE-2012-4564.patch: check scanline_size in
tools/ppm2tiff.c.
- CVE-2012-4564
- 26. By Marc Deslauriers
-
* SECURITY UPDATE: possible arbitrary code execution via heap overflow
in tiff2pdf.
- debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
tools/tiff2pdf.c.
- CVE-2012-3401
- 25. By Marc Deslauriers
-
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
due to type-conversion flaw (LP: #1016324)
- debian/patches/CVE-2012-2088.patch: check for overflows in
libtiff/tif_strip.c and libtiff/tif_tile.c.
- CVE-2012-2088
* SECURITY UPDATE: possible arbitrary code execution via integer
overflows in tiff2pdf (LP: #1016324)
- debian/patches/CVE-2012-2113.patch: check for overflows in
tools/tiff2pdf.c.
- CVE-2012-2113
- 24. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via size overflow
- debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
- CVE-2012-1173
- 23. By Jay Berkenbilt <email address hidden>
-
Implemented multiarch and PIE build for security hardening by
integrating the changes from the Ubuntu tiff packages. Thanks to Marc
Deslauriers and anyone else who did the actual work.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/quantal/tiff