[ubuntu/oneiric] tiff 3.9.5-1ubuntu1 (Accepted)

[Marc Deslauriers]

tiff (3.9.5-1ubuntu1) oneiric; urgency=low

  * Merge from debian unstable. Remaining changes:
    - Enable multiarch build
      - debian/control: update depends for multiarch toolchain
      - debian/*.install: update /usr/lib paths
      - debian/rules:
        - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
        - update library path for .la files
    - debian/{control,rules}: enable PIE build for security hardening
  * Dropped patches:
    - CVE-2010-2482.patch: upstream
    - CVE-2010-2595.patch: upstream
    - CVE-2010-2597.patch: upstream
    - CVE-2010-2630.patch: upstream
    - CVE-2011-0192.patch: upstream
    - CVE-2011-1167.patch: upstream
    - CVE-2009-5022.patch: upstream

tiff (3.9.5-1) unstable; urgency=low

  * New upstream release.  All security patches are fully incorporated
    into this version, as are many other bug fixes.
  * Updated standards version to 3.9.2.  No changes needed.

tiff (3.9.4-9) unstable; urgency=high

  * CVE-2011-1167: correct potential buffer overflow with thunder encoded
    files with wrong bitspersample set.  (Closes: #619614)

tiff (3.9.4-8) unstable; urgency=low

  * Enable PIE (position independent executable) build for security
    hardening.  Patch from Ubuntu.  (Closes: #613759)

tiff (3.9.4-7) unstable; urgency=high

  * Incorporate revised fix to CVE-2011-0192.

tiff (3.9.4-6) unstable; urgency=high

  * Incorporated fix to CVE-2011-0192, "Buffer overflow in Fax4Decode".

Date: Wed, 25 May 2011 15:10:36 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/oneiric/+source/tiff/3.9.5-1ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 25 May 2011 15:10:36 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 3.9.5-1ubuntu1
Distribution: oneiric
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 613759 619614
Changes: 
 tiff (3.9.5-1ubuntu1) oneiric; urgency=low
 .
   * Merge from debian unstable. Remaining changes:
     - Enable multiarch build
       - debian/control: update depends for multiarch toolchain
       - debian/*.install: update /usr/lib paths
       - debian/rules:
         - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
         - update library path for .la files
     - debian/{control,rules}: enable PIE build for security hardening
   * Dropped patches:
     - CVE-2010-2482.patch: upstream
     - CVE-2010-2595.patch: upstream
     - CVE-2010-2597.patch: upstream
     - CVE-2010-2630.patch: upstream
     - CVE-2011-0192.patch: upstream
     - CVE-2011-1167.patch: upstream
     - CVE-2009-5022.patch: upstream
 .
 tiff (3.9.5-1) unstable; urgency=low
 .
   * New upstream release.  All security patches are fully incorporated
     into this version, as are many other bug fixes.
   * Updated standards version to 3.9.2.  No changes needed.
 .
 tiff (3.9.4-9) unstable; urgency=high
 .
   * CVE-2011-1167: correct potential buffer overflow with thunder encoded
     files with wrong bitspersample set.  (Closes: #619614)
 .
 tiff (3.9.4-8) unstable; urgency=low
 .
   * Enable PIE (position independent executable) build for security
     hardening.  Patch from Ubuntu.  (Closes: #613759)
 .
 tiff (3.9.4-7) unstable; urgency=high
 .
   * Incorporate revised fix to CVE-2011-0192.
 .
 tiff (3.9.4-6) unstable; urgency=high
 .
   * Incorporated fix to CVE-2011-0192, "Buffer overflow in Fax4Decode".
Checksums-Sha1: 
 b7c0e4767f5a1517443bd697577f0a5b1400ec60 1994 tiff_3.9.5-1ubuntu1.dsc
 f40aab20fb2f609b5cbc1171c40b66a1445e3773 1455502 tiff_3.9.5.orig.tar.gz
 89db9cd3c4bf12e4bbc0ef4c3b51f43ddf87bdd6 14638 tiff_3.9.5-1ubuntu1.debian.tar.gz
Checksums-Sha256: 
 622b10f91904ae2da51fb00e2eda29cb9dab5648412625372c804c4dae04039a 1994 tiff_3.9.5-1ubuntu1.dsc
 ecf2e30582698dbc61d269203bbd1e701a1a50fb26c87d709e10d89669badb33 1455502 tiff_3.9.5.orig.tar.gz
 2df43e5b2fe3e831b716bb9cf10f31fad000872fbe54543820d92ead801ea7d4 14638 tiff_3.9.5-1ubuntu1.debian.tar.gz
Files: 
 1a92e2811764edad5342cdfee8c97df8 1994 libs optional tiff_3.9.5-1ubuntu1.dsc
 8fc7ce3b4e1d0cc8a319336967815084 1455502 libs optional tiff_3.9.5.orig.tar.gz
 be096a9e3b5a24fab4d407b93721a595 14638 libs optional tiff_3.9.5-1ubuntu1.debian.tar.gz
Original-Maintainer: Jay Berkenbilt <qjb at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBCgAGBQJN3VjxAAoJEGVp2FWnRL6Tr6cP/0YVYl7vn8d2Sh625eNC1nrQ
Pz4BvojQdcMG/N8j9BO53ZIN9+1zhFd8LHAOCLV1p3K2lnJV+U7HKudaozJG3C7J
jtsLy+UwsHBXdm/cAcUSLZsB5XlgzAubKpR+9sOEyEB6OeQGffTsKZU2042orFXz
kaKDguhAOf0HahRLeN2IpVCh8a6qSIzKN4+FoQ3Bqpa0tsD7afmadmd5NKljwz1m
CKON2FSIsrMb9wnlK39bpqQI/ih9Z4lKLQnBcJKJSFMM3ci4tEGpNErpuAsABF87
flLDCvlc82BomqEPEBqkcm8bMWLBDwACYmGX/AnPYKJcICkrG8AbQFPhYarCPDhe
7c01MsZUXgFrBlBNOMg6DN83VucPjnbVG1yTnXwvj0AjMf/QkAnMbY4XYyPDMBfR
PcKQTIgMBqS5yO2OF7C7RzTHkGMWwR7Ruhdr+B4MlTfLeggbKC3Wsx39PNBB3MUs
Kyuzx6s5AyW2Y4DK5bdBzZJfqbLxf9l+we5d+Ja3a4RxvwMcCfW3Ti7iN+95AhGS
KdoWncKHRLozXZMLPdMsbTfCC6RWQD05Icynjcsv13ZdDCmQSp9ycXtapYO3Te+0
ikc6XdOIJuXD9KBKcVji28atuJb2oK3Si26xL9fosLb8LkSpHHtD6lH3h5F6vNz+
HHnWaMUi8VT6GOyWsa89
=zsrr
-----END PGP SIGNATURE-----