lp:ubuntu/quantal-security/tiff

Created by Ubuntu Package Importer on 2012-11-15 and last modified on 2014-05-05
Get this branch:
bzr branch lp:ubuntu/quantal-security/tiff
Members of Ubuntu branches can upload to this branch.

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

31. By Marc Deslauriers on 2014-05-05

* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
  - debian/patches/CVE-2013-4231.patch: validate datasize in
    tools/gif2tiff.c.
  - CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
  - debian/patches/CVE-2013-4232.patch: properly exit on error in
    tools/tiff2pdf.c.
  - CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool
  - debian/patches/CVE-2013-4243.patch: check width and height in
    tools/gif2tiff.c.
  - CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool LZW decompressor
  - debian/patches/CVE-2013-4244.patch: validate code size in
    tools/gif2tiff.c.
  - CVE-2013-4244

30. By Marc Deslauriers on 2013-05-13

* SECURITY UPDATE: denial of service and possible code execution via heap
  overflow in tp_process_jpeg_strip().
  - debian/patches/CVE-2013-1960.patch: improve tp_process_jpeg_strip()
    logic in tools/tiff2pdf.c.
  - CVE-2013-1960
* SECURITY UPDATE: denial of service via stack overflow with malformed
  image-length and resolution.
  - debian/patches/CVE-2013-1961.patch: replace use of sprintf() with
    snprintf() in contrib/dbs/xtiff/xtiff.c, libtiff/tif_codec.c,
    libtiff/tif_dirinfo.c, tools/rgb2ycbcr.c, tools/tiff2bw.c,
    tools/tiff2pdf.c, tools/tiff2ps.c, tools/tiffcrop.c,
    tools/tiffdither.c.
  - CVE-2013-1961

29. By Marc Deslauriers on 2012-11-14

* SECURITY UPDATE: denial of service and possible code execution via
  PixarLog compression format
  - debian/patches/CVE-2012-4447.patch: fix buffer size in
    libtiff/tif_pixarlog.c.
  - CVE-2012-4447
* SECURITY UPDATE: denial of service and possible code execution via
  crafted PPM image
  - debian/patches/CVE-2012-4564.patch: check scanline_size in
    tools/ppm2tiff.c.
  - CVE-2012-4564

28. By Marc Deslauriers on 2012-07-19

* SECURITY UPDATE: possible arbitrary code execution via heap overflow
  in tiff2pdf.
  - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
    tools/tiff2pdf.c.
  - CVE-2012-3401

27. By Michael Terry on 2012-07-11

* debian/control:
  - Have libtiff5-dev Provide libtiff-dev

26. By Jay Berkenbilt <email address hidden> on 2012-06-24

New upstream release

25. By Marc Deslauriers on 2012-07-05

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  due to type-conversion flaw (LP: #1016324)
  - debian/patches/CVE-2012-2088.patch: check for overflows in
    libtiff/tif_strip.c and libtiff/tif_tile.c.
  - CVE-2012-2088
* SECURITY UPDATE: possible arbitrary code execution via integer
  overflows in tiff2pdf (LP: #1016324)
  - debian/patches/CVE-2012-2113.patch: check for overflows in
    tools/tiff2pdf.c.
  - CVE-2012-2113

24. By Marc Deslauriers on 2012-04-02

* SECURITY UPDATE: arbitrary code execution via size overflow
  - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
    libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
  - CVE-2012-1173

23. By Jay Berkenbilt <email address hidden> on 2011-09-17

Implemented multiarch and PIE build for security hardening by
integrating the changes from the Ubuntu tiff packages. Thanks to Marc
Deslauriers and anyone else who did the actual work.

22. By Marc Deslauriers on 2011-05-25

* Merge from debian unstable. Remaining changes:
  - Enable multiarch build
    - debian/control: update depends for multiarch toolchain
    - debian/*.install: update /usr/lib paths
    - debian/rules:
      - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
      - update library path for .la files
  - debian/{control,rules}: enable PIE build for security hardening
* Dropped patches:
  - CVE-2010-2482.patch: upstream
  - CVE-2010-2595.patch: upstream
  - CVE-2010-2597.patch: upstream
  - CVE-2010-2630.patch: upstream
  - CVE-2011-0192.patch: upstream
  - CVE-2011-1167.patch: upstream
  - CVE-2009-5022.patch: upstream

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/raring/tiff