Ubuntu
tiff package

Sync tiff 4.0.3-9 (main) from Debian unstable (main)

Bug #1333429 reported by Artur Rona on 2014-06-23

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	tiff (Ubuntu)	Fix Released	Wishlist	Unassigned

Bug Description

Please sync tiff 4.0.3-9 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service and possible code execution in
    gif2tiff tool
    - debian/patches/CVE-2013-4243.patch: check width and height in
      tools/gif2tiff.c.
    - CVE-2013-4243

Debian has merged Ubuntu changes.

Changelog entries since current utopic version 4.0.3-8ubuntu1:

tiff (4.0.3-9) unstable; urgency=medium

* Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat. (Closes:
#742917)

-- Jay Berkenbilt <email address hidden> Sat, 21 Jun 2014 18:12:40 -0400

CVE References

2013-4243

Artur Rona (ari-tczew) on 2014-06-23

Changed in tiff (Ubuntu):
importance:	Undecided → Wishlist

Revision history for this message

Daniel Holbach (dholbach) wrote on 2014-06-24:

This bug was fixed in the package tiff - 4.0.3-9
Sponsored for Artur Rona (ari-tczew)

---------------
tiff (4.0.3-9) unstable; urgency=medium

* Fix for CVE-2013-4243 (validation for gif2tiff) from Red Hat. (Closes:
#742917)

-- Jay Berkenbilt <email address hidden> Sat, 21 Jun 2014 18:12:40 -0400

Changed in tiff (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntutiff package