[ubuntu/dapper-security] tiff (delayed), tiff 3.7.4-1ubuntu3.9 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Mar 7 15:10:09 UTC 2011
tiff (3.7.4-1ubuntu3.9) dapper-security; urgency=low
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/z_CVE-2010-2595.patch: validate values in
libtiff/tif_color.c.
- CVE-2010-2595
* SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
- debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
libtiff/tif_strip.c.
- CVE-2010-2597
- CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/z_CVE-2010-2630.patch: correctly handle order in
libtiff/tif_dirread.c.
- CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code exection via
YCBCRSUBSAMPLING tag
- debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
libtiff/tif_dir.c.
- CVE-2011-0191
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/z_CVE-2011-0192.patch: check length in
libtiff/tif_fax3.h.
- CVE-2011-0192
Date: Fri, 04 Mar 2011 10:09:48 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Jay Berkenbilt <qjb at debian.org>
https://launchpad.net/ubuntu/dapper/+source/tiff/3.7.4-1ubuntu3.9
-------------- next part --------------
Format: 1.7
Date: Fri, 04 Mar 2011 10:09:48 -0500
Source: tiff
Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev
Architecture: source
Version: 3.7.4-1ubuntu3.9
Distribution: dapper-security
Urgency: low
Maintainer: Jay Berkenbilt <qjb at debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff4 - Tag Image File Format (TIFF) library
libtiff4-dev - Tag Image File Format library (TIFF), development files
libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
tiff (3.7.4-1ubuntu3.9) dapper-security; urgency=low
.
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/z_CVE-2010-2595.patch: validate values in
libtiff/tif_color.c.
- CVE-2010-2595
* SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
- debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
libtiff/tif_strip.c.
- CVE-2010-2597
- CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/z_CVE-2010-2630.patch: correctly handle order in
libtiff/tif_dirread.c.
- CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code exection via
YCBCRSUBSAMPLING tag
- debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
libtiff/tif_dir.c.
- CVE-2011-0191
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/z_CVE-2011-0192.patch: check length in
libtiff/tif_fax3.h.
- CVE-2011-0192
Files:
cecd72b7ff2bcb007ca1113dd983f0a2 1405 libs optional tiff_3.7.4-1ubuntu3.9.dsc
3cf3842eea7eb46f37c7ad2b6f700184 24369 libs optional tiff_3.7.4-1ubuntu3.9.diff.gz
More information about the dapper-changes
mailing list