[ubuntu/lucid-security] tiff 3.9.2-2ubuntu0.8 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Apr 4 21:03:46 UTC 2012 

tiff (3.9.2-2ubuntu0.8) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    tiffdump
    - debian/patches/CVE-2010-4665.patch: prevent integer overflow in
      tools/tiffdump.c.
    - CVE-2010-4665
  * SECURITY UPDATE: arbitrary code execution via size overflow
    - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
      libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
    - CVE-2012-1173
  * debian/patches/CVE-2010-1411.patch: updated to use actual upstream fix
    and to get TIFFSafeMultiply macro.

Date: Mon, 02 Apr 2012 11:50:13 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/tiff/3.9.2-2ubuntu0.8
-------------- next part --------------
Format: 1.8
Date: Mon, 02 Apr 2012 11:50:13 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.9.2-2ubuntu0.8
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes: 
 tiff (3.9.2-2ubuntu0.8) lucid-security; urgency=low
 .
   * SECURITY UPDATE: denial of service and possible code execution via
     tiffdump
     - debian/patches/CVE-2010-4665.patch: prevent integer overflow in
       tools/tiffdump.c.
     - CVE-2010-4665
   * SECURITY UPDATE: arbitrary code execution via size overflow
     - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
       libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
     - CVE-2012-1173
   * debian/patches/CVE-2010-1411.patch: updated to use actual upstream fix
     and to get TIFFSafeMultiply macro.
Checksums-Sha1: 
 b879e2eb702cb91b6437eca58875bac549d43d19 1936 tiff_3.9.2-2ubuntu0.8.dsc
 3947b9e00409bd3fe4452458af81b61b9df541c7 22755 tiff_3.9.2-2ubuntu0.8.diff.gz
Checksums-Sha256: 
 4850baadb9aacd9f731ebced3cfdcdeb556bf6df297e375a934b7acba9aee124 1936 tiff_3.9.2-2ubuntu0.8.dsc
 a39b246394dd89999381b04788d2bec07b2ffbc2b2b1e528c0d710d2e67716af 22755 tiff_3.9.2-2ubuntu0.8.diff.gz
Files: 
 f8027335c7ad9d59550e8e55c7974892 1936 libs optional tiff_3.9.2-2ubuntu0.8.dsc
 1055407556893ad57e21da8abaada97c 22755 libs optional tiff_3.9.2-2ubuntu0.8.diff.gz
Original-Maintainer: Jay Berkenbilt <qjb at debian.org>

More information about the Lucid-changes mailing list