tiff (3.7.4-1ubuntu3.9) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/z_CVE-2010-2595.patch: validate values in
libtiff/tif_color.c.
- CVE-2010-2595
* SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
- debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
libtiff/tif_strip.c.
- CVE-2010-2597
- CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/z_CVE-2010-2630.patch: correctly handle order in
libtiff/tif_dirread.c.
- CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code execution via
YCBCRSUBSAMPLING tag
- debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
libtiff/tif_dir.c.
- CVE-2011-0191
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/z_CVE-2011-0192.patch: check length in
libtiff/tif_fax3.h.
- CVE-2011-0192
Date: Fri, 04 Mar 2011 10:09:48 -0500
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Jay Berkenbilt <[email protected]>
https://launchpad.net/ubuntu/dapper/+source/tiff/3.7.4-1ubuntu3.9
Format: 1.7
Date: Fri, 04 Mar 2011 10:09:48 -0500
Source: tiff
Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev
Architecture: source
Version: 3.7.4-1ubuntu3.9
Distribution: dapper-security
Urgency: low
Maintainer: Jay Berkenbilt <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description:
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff4 - Tag Image File Format (TIFF) library
libtiff4-dev - Tag Image File Format library (TIFF), development files
libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
tiff (3.7.4-1ubuntu3.9) dapper-security; urgency=low
.
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/z_CVE-2010-2595.patch: validate values in
libtiff/tif_color.c.
- CVE-2010-2595
* SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
- debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
libtiff/tif_strip.c.
- CVE-2010-2597
- CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/z_CVE-2010-2630.patch: correctly handle order in
libtiff/tif_dirread.c.
- CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code execution via
YCBCRSUBSAMPLING tag
- debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
libtiff/tif_dir.c.
- CVE-2011-0191
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/z_CVE-2011-0192.patch: check length in
libtiff/tif_fax3.h.
- CVE-2011-0192
Files:
cecd72b7ff2bcb007ca1113dd983f0a2 1405 libs optional tiff_3.7.4-1ubuntu3.9.dsc
3cf3842eea7eb46f37c7ad2b6f700184 24369 libs optional tiff_3.7.4-1ubuntu3.9.diff.gz
--
dapper-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/dapper-changes