Package: libtiff-tools
Version: 3.7.4-1
Severity: normal
Tags: security patch

Recently, a buffer overflow in tiffsplit has been discovered:

http://marc.theaimsgroup.com/?l=vuln-dev&m=114857412916909&w=2

You can execute arbitrary code with crafted long file names or prefixes. Of course this is pretty lame usually, but it can become an issue if tiffsplit is used with untrusted input in an automated system. Which should be only theoretical, but since it is easy to patch, it can as well be fixed properly. (Also, Fedora fixed it, and we don't want to lose our reputation, do we? :) )

Find the patch here:

http://patches.ubuntu.com/patches/tiff.CVE-2006-2656.diff

Thanks,

Martin

-- 
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntu.com
Debian Developer http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
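An added illustration of the bug class the report describes, not the linked patch and not tiffsplit's own source: an output name of the form prefix + three-letter sequence + ".tif" is built with a bounded write, and an over-long prefix is rejected rather than truncated. The function name build_split_name and the size FNAME_CAP are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define FNAME_CAP 1024   /* assumed buffer size for this sketch */

/* Unsafe pattern, shown for contrast only (not compiled):
 *     char fname[FNAME_CAP + 1];
 *     strcpy(fname, prefix);    // no length check: a long prefix overruns fname
 *     strcat(fname, ".tif");
 */

/* Write "<prefix><sss>.tif" into out, where sss runs aaa, aab, ... zzz.
 * Returns 0 on success, -1 if idx is out of range or the name would not
 * fit in outsz bytes. Never writes past out. */
int build_split_name(char *out, size_t outsz, const char *prefix, unsigned idx)
{
    char seq[4];
    int n;

    if (out == NULL || outsz == 0 || prefix == NULL)
        return -1;
    out[0] = '\0';
    if (idx >= 26u * 26u * 26u)
        return -1;
    seq[0] = (char)('a' + idx / (26 * 26));
    seq[1] = (char)('a' + (idx / 26) % 26);
    seq[2] = (char)('a' + idx % 26);
    seq[3] = '\0';

    /* snprintf returns the length it wanted to write; >= outsz means truncation. */
    n = snprintf(out, outsz, "%s%s.tif", prefix, seq);
    if (n < 0 || (size_t)n >= outsz) {
        out[0] = '\0';   /* reject instead of silently using a truncated name */
        return -1;
    }
    return 0;
}

int main(int argc, char **argv)
{
    char fname[FNAME_CAP + 1];
    if (build_split_name(fname, sizeof fname, argc > 1 ? argv[1] : "x", 0) != 0) {
        fprintf(stderr, "prefix too long\n");
        return 1;
    }
    puts(fname);
    return 0;
}
```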

