lp://staging/ubuntu/saucy-security/tiff

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

30. By Marc Deslauriers on 2014-05-05

* SECURITY UPDATE: denial of service via buffer overflow in gif2tiff
  - debian/patches/CVE-2013-4231.patch: validate datasize in
    tools/gif2tiff.c.
  - CVE-2013-4231
* SECURITY UPDATE: denial of service via use-after-free in tiff2pdf
  - debian/patches/CVE-2013-4232.patch: properly exit on error in
    tools/tiff2pdf.c.
  - CVE-2013-4232
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool
  - debian/patches/CVE-2013-4243.patch: check width and height in
    tools/gif2tiff.c.
  - CVE-2013-4243
* SECURITY UPDATE: denial of service and possible code execution in
  gif2tiff tool LZW decompressor
  - debian/patches/CVE-2013-4244.patch: validate code size in
    tools/gif2tiff.c.
  - CVE-2013-4244

29. By Marc Deslauriers on 2013-05-13

* SECURITY UPDATE: denial of service and possible code execution via heap
  overflow in tp_process_jpeg_strip().
  - debian/patches/CVE-2013-1960.patch: improve tp_process_jpeg_strip()
    logic in tools/tiff2pdf.c.
  - CVE-2013-1960
* SECURITY UPDATE: denial of service via stack overflow with malformed
  image-length and resolution.
  - debian/patches/CVE-2013-1961.patch: replace use of sprintf() with
    snprintf() in contrib/dbs/xtiff/xtiff.c, libtiff/tif_codec.c,
    libtiff/tif_dirinfo.c, tools/rgb2ycbcr.c, tools/tiff2bw.c,
    tools/tiff2pdf.c, tools/tiff2ps.c, tools/tiffcrop.c,
    tools/tiffdither.c.
  - CVE-2013-1961

28. By Marc Deslauriers on 2012-11-15

* SECURITY UPDATE: denial of service and possible code execution via
  crafted PPM image
  - debian/patches/CVE-2012-4564.patch: check scanline_size in
    tools/ppm2tiff.c.
  - CVE-2012-4564

27. By Sebastien Bacher on 2012-11-06

* Resynchronize on Debian, remaining change
* debian/control: Have libtiff5-dev Provide libtiff-dev

26. By Jay Berkenbilt <email address hidden> on 2012-06-24

New upstream release

25. By Marc Deslauriers on 2012-07-05

* SECURITY UPDATE: possible arbitrary code execution via buffer overflow
  due to type-conversion flaw (LP: #1016324)
  - debian/patches/CVE-2012-2088.patch: check for overflows in
    libtiff/tif_strip.c and libtiff/tif_tile.c.
  - CVE-2012-2088
* SECURITY UPDATE: possible arbitrary code execution via integer
  overflows in tiff2pdf (LP: #1016324)
  - debian/patches/CVE-2012-2113.patch: check for overflows in
    tools/tiff2pdf.c.
  - CVE-2012-2113

24. By Marc Deslauriers on 2012-04-02

* SECURITY UPDATE: arbitrary code execution via size overflow
  - debian/patches/CVE-2012-1173.patch: use TIFFSafeMultiply in
    libtiff/tif_getimage.c, fix TIFFSafeMultiply in libtiff/tiffiop.h.
  - CVE-2012-1173

23. By Jay Berkenbilt <email address hidden> on 2011-09-17

Implemented mulitarch and and PIE build for security hardening by
integrating the changes from the Ubuntu tiff packages. Thanks to Marc
Deslauriers and anyone else who did the actual work.

22. By Marc Deslauriers on 2011-05-25

* Merge from debian unstable. Remaining changes:
  - Enable multiarch build
    - debian/control: update depends for multiarch toolchain
    - debian/*.install: update /usr/lib paths
    - debian/rules:
      - add --libdir to DEB_CONFIGURE_EXTRA_FLAGS
      - update library path for .la files
  - debian/{control,rules}: enable PIE build for security hardening
* Dropped patches:
  - CVE-2010-2482.patch: upstream
  - CVE-2010-2595.patch: upstream
  - CVE-2010-2597.patch: upstream
  - CVE-2010-2630.patch: upstream
  - CVE-2011-0192.patch: upstream
  - CVE-2011-1167.patch: upstream
  - CVE-2009-5022.patch: upstream

21. By Marc Deslauriers on 2011-04-20

* SECURITY UPDATE: arbitrary code execution via malformed JPEG
  - debian/patches/CVE-2009-5022.patch: check width in
    libtiff/tif_ojpeg.c.
  - CVE-2009-5022