[ubuntu/hardy-security] tiff (delayed), tiff 3.8.2-7ubuntu3.7 (Accepted)

Ubuntu Installer archive at ubuntu.com
Mon Mar 7 15:09:16 UTC 2011


tiff (3.8.2-7ubuntu3.7) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
    values
    - debian/patches/z_CVE-2010-2595.patch: validate values in
      libtiff/tif_color.c.
    - CVE-2010-2595
  * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
    - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
      libtiff/tif_strip.c.
    - CVE-2010-2597
    - CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
    - debian/patches/z_CVE-2010-2630.patch: correctly handle order in
      libtiff/tif_dirread.c.
    - CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code execution via
    YCBCRSUBSAMPLING tag
    - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
      libtiff/tif_dir.c.
    - CVE-2011-0191
  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in Fax4Decode
    - debian/patches/z_CVE-2011-0192.patch: check length in
      libtiff/tif_fax3.h.
    - CVE-2011-0192

Date: Fri, 04 Mar 2011 10:08:57 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/tiff/3.8.2-7ubuntu3.7
-------------- next part --------------
Format: 1.7
Date: Fri, 04 Mar 2011 10:08:57 -0500
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl
Architecture: source
Version: 3.8.2-7ubuntu3.7
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Launchpad-Bugs-Fixed: 593067
Changes: 
 tiff (3.8.2-7ubuntu3.7) hardy-security; urgency=low
 .
   * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
     values
     - debian/patches/z_CVE-2010-2595.patch: validate values in
       libtiff/tif_color.c.
     - CVE-2010-2595
   * SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
     - debian/patches/z_CVE-2010-2597.patch: properly initialize fields in
       libtiff/tif_strip.c.
     - CVE-2010-2597
     - CVE-2010-2598
   * SECURITY UPDATE: denial of service via out-of-order tags
     - debian/patches/z_CVE-2010-2630.patch: correctly handle order in
       libtiff/tif_dirread.c.
     - CVE-2010-2630
   * SECURITY UPDATE: denial of service and possible code execution via
     YCBCRSUBSAMPLING tag
     - debian/patches/z_CVE-2011-0191.patch: validate td_ycbcrsubsampling in
       libtiff/tif_dir.c.
     - CVE-2011-0191
   * SECURITY UPDATE: denial of service and possible code execution via
     buffer overflow in Fax4Decode
     - debian/patches/z_CVE-2011-0192.patch: check length in
       libtiff/tif_fax3.h.
     - CVE-2011-0192
Files: 
 ce0425a4ed096e73f598543c20c8892a 1496 libs optional tiff_3.8.2-7ubuntu3.7.dsc
 cfa51946eb7af68c524774b91f3e63e9 22862 libs optional tiff_3.8.2-7ubuntu3.7.diff.gz
Original-Maintainer: Jay Berkenbilt <qjb at debian.org>

