lp:ubuntu/quantal-updates/tiff
- Get this branch:
- bzr branch lp:ubuntu/quantal-updates/tiff
Branch merges
Related source package recipes
Branch information
Recent revisions
- 31. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
- debian/patches/ CVE-2013- 4231.patch: validate datasize in
tools/gif2tiff. c.
- CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
- debian/patches/ CVE-2013- 4232.patch: properly exit on error in
tools/tiff2pdf. c.
- CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
gif2tiff tool
- debian/patches/ CVE-2013- 4243.patch: check width and height in
tools/gif2tiff. c.
- CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
gif2tiff tool LZW decompressor
- debian/patches/ CVE-2013- 4244.patch: validate code size in
tools/gif2tiff. c.
- CVE-2013-4244 - 30. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via heap
overflow in tp_process_jpeg_strip( ).
- debian/patches/ CVE-2013- 1960.patch: improve tp_process_ jpeg_strip( )
logic in tools/tiff2pdf.c.
- CVE-2013-1960
* SECURITY UPDATE: denial of service via stack overflow with malformed
image-length and resolution.
- debian/patches/ CVE-2013- 1961.patch: replace use of sprintf() with
snprintf() in contrib/dbs/xtiff/ xtiff.c, libtiff/ tif_codec. c,
libtiff/tif_dirinfo. c, tools/rgb2ycbcr.c, tools/tiff2bw.c,
tools/tiff2pdf. c, tools/tiff2ps.c, tools/tiffcrop.c,
tools/tiffdither. c.
- CVE-2013-1961 - 29. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
PixarLog compression format
- debian/patches/ CVE-2012- 4447.patch: fix buffer size in
libtiff/tif_pixarlog. c.
- CVE-2012-4447
* SECURITY UPDATE: denial of service and possible code execution via
crafted PPM image
- debian/patches/ CVE-2012- 4564.patch: check scanline_size in
tools/ppm2tiff. c.
- CVE-2012-4564 - 28. By Marc Deslauriers
-
* SECURITY UPDATE: possible arbitrary code execution via heap overflow
in tiff2pdf.
- debian/patches/ CVE-2012- 3401.patch: properly set t2p->t2p_error in
tools/tiff2pdf. c.
- CVE-2012-3401 - 25. By Marc Deslauriers
-
* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
due to type-conversion flaw (LP: #1016324)
- debian/patches/ CVE-2012- 2088.patch: check for overflows in
libtiff/tif_strip. c and libtiff/tif_tile.c.
- CVE-2012-2088
* SECURITY UPDATE: possible arbitrary code execution via integer
overflows in tiff2pdf (LP: #1016324)
- debian/patches/ CVE-2012- 2113.patch: check for overflows in
tools/tiff2pdf. c.
- CVE-2012-2113 - 24. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via size overflow
- debian/patches/ CVE-2012- 1173.patch: use TIFFSafeMultiply in
libtiff/tif_getimage. c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
- CVE-2012-1173 - 23. By Jay Berkenbilt <email address hidden>
-
Implemented mulitarch and and PIE build for security hardening by
integrating the changes from the Ubuntu tiff packages. Thanks to Marc
Deslauriers and anyone else who did the actual work. - 22. By Marc Deslauriers
-
* Merge from debian unstable. Remaining changes:
- Enable multiarch build
- debian/control: update depends for multiarch toolchain
- debian/*.install: update /usr/lib paths
- debian/rules:
- add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
- update library path for .la files
- debian/{control, rules}: enable PIE build for security hardening
* Dropped patches:
- CVE-2010-2482.patch: upstream
- CVE-2010-2595.patch: upstream
- CVE-2010-2597.patch: upstream
- CVE-2010-2630.patch: upstream
- CVE-2011-0192.patch: upstream
- CVE-2011-1167.patch: upstream
- CVE-2009-5022.patch: upstream
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/raring/tiff
