Change logs for tiff source package in Oneiric

  • tiff (3.9.5-1ubuntu1.5) oneiric-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        PAGENUMBER, HALFTONEHINTS, YCBCRSUBSAMPLING, and DOTRANGE tags.
        - debian/patches/CVE-2012-5581.patch: remove special cases of tags,
          improve DOTRANGE tag case
        - CVE-2012-5581
     -- Seth Arnold <email address hidden>   Mon, 03 Dec 2012 12:42:59 -0800
  • tiff (3.9.5-1ubuntu1.4) oneiric-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        PixarLog compression format
        - debian/patches/CVE-2012-4447.patch: fix buffer size in
          libtiff/tif_pixarlog.c.
        - CVE-2012-4447
      * SECURITY UPDATE: denial of service and possible code execution via
        crafted PPM image
        - debian/patches/CVE-2012-4564.patch: check scanline_size in
          tools/ppm2tiff.c.
        - CVE-2012-4564
     -- Marc Deslauriers <email address hidden>   Wed, 14 Nov 2012 11:42:55 -0500
  • tiff (3.9.5-1ubuntu1.3) oneiric-security; urgency=low
    
      * SECURITY UPDATE: possible arbitrary code execution via heap overflow
        in tiff2pdf.
        - debian/patches/CVE-2012-3401.patch: properly set t2p->t2p_error in
          tools/tiff2pdf.c.
        - CVE-2012-3401
     -- Marc Deslauriers <email address hidden>   Mon, 16 Jul 2012 09:50:05 -0400
  • tiff (3.9.5-1ubuntu1.2) oneiric-security; urgency=low
    
      * SECURITY UPDATE: possible arbitrary code execution via buffer overflow
        due to type-conversion flaw (LP: #1016324)
        - debian/patches/CVE-2012-2088.patch: check for overflows in
          libtiff/tif_strip.c and libtiff/tif_tile.c.
        - CVE-2012-2088
      * SECURITY UPDATE: possible arbitrary code execution via integer
        overflows in tiff2pdf (LP: #1016324)
        - debian/patches/CVE-2012-2113.patch: check for overflows in
          tools/tiff2pdf.c.
        - CVE-2012-2113
     -- Marc Deslauriers <email address hidden>   Wed, 04 Jul 2012 10:34:29 -0400
  • tiff (3.9.5-1ubuntu1.1) oneiric-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via size overflow
        - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
          libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
        - CVE-2012-1173
     -- Marc Deslauriers <email address hidden>   Mon, 02 Apr 2012 10:41:38 -0400
  • tiff (3.9.5-1ubuntu1) oneiric; urgency=low
    
      * Merge from Debian unstable. Remaining changes:
        - Enable multiarch build
          - debian/control: update depends for multiarch toolchain
          - debian/*.install: update /usr/lib paths
          - debian/rules:
            - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
            - update library path for .la files
        - debian/{control,rules}: enable PIE build for security hardening
      * Dropped patches:
        - CVE-2010-2482.patch: upstream
        - CVE-2010-2595.patch: upstream
        - CVE-2010-2597.patch: upstream
        - CVE-2010-2630.patch: upstream
        - CVE-2011-0192.patch: upstream
        - CVE-2011-1167.patch: upstream
        - CVE-2009-5022.patch: upstream
    
    tiff (3.9.5-1) unstable; urgency=low
    
      * New upstream release.  All security patches are fully incorporated
        into this version, as are many other bug fixes.
      * Updated standards version to 3.9.2.  No changes needed.
    
    tiff (3.9.4-9) unstable; urgency=high
    
      * CVE-2011-1167: correct potential buffer overflow with thunder encoded
        files with wrong bitspersample set.  (Closes: #619614)
    
    tiff (3.9.4-8) unstable; urgency=low
    
      * Enable PIE (position independent executable) build for security
        hardening.  Patch from Ubuntu.  (Closes: #613759)
    
    tiff (3.9.4-7) unstable; urgency=high
    
      * Incorporate revised fix to CVE-2011-0192.
    
    tiff (3.9.4-6) unstable; urgency=high
    
      * Incorporated fix to CVE-2011-0192, "Buffer overflow in Fax4Decode".
     -- Marc Deslauriers <email address hidden>   Wed, 25 May 2011 15:10:36 -0400
  • tiff (3.9.4-5ubuntu6) natty; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via malformed JPEG
        - debian/patches/CVE-2009-5022.patch: check width in
          libtiff/tif_ojpeg.c.
        - CVE-2009-5022
     -- Marc Deslauriers <email address hidden>   Wed, 20 Apr 2011 13:00:47 -0400