tiff 3.7.4-1ubuntu3.2 source package in Ubuntu

Changelog

tiff (3.7.4-1ubuntu3.2) dapper-security; urgency=low

  * SECURITY UPDATE: Arbitrary code execution with crafted TIFF files, found
    by Tavis Ormandy of the Google Security Team.
  * Add debian/patches/CVE-2006-3459-3465.patch:
    - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
      tif_dirread.c
    - CVE-2006-3460: A heap overflow vulnerability was discovered in the
      jpeg decoder
    - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
    - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
      overflow
    - CVE-2006-3463: An infinite loop was discovered in
      EstimateStripByteCounts()
    - CVE-2006-3464: Multiple unchecked arithmetic operations were
      uncovered, including a number of the range checking operations
      deisgned to ensure the offsets specified in tiff directories are
      legitimate.
    - A number of codepaths were uncovered where assertions did not hold
      true, resulting in the client application calling abort()
    - CVE-2006-3465: A flaw was also uncovered in libtiffs custom tag
      support

 -- Martin Pitt <email address hidden>   Wed,  2 Aug 2006 13:27:14 +0200