CAN-2005-1544 patch

Bug #17243 reported by Jay Berkenbilt
Affects: tiff (Ubuntu)
Status: Fix Released
Importance: Medium
Assigned to: Martin Pitt

Bug Description

I'm attaching the patch for tiff-3.7.2-3 that I've applied to the Debian
package. I believe this patch should drop into the breezy version to make
3.7.2-2ubuntu2 or 3.7.2-3ubuntu1 as you see fit. Here's my debian/changelog entry:

  * Fix for exploitable segmentation fault on files with bad BitsPerSample
    values. (Closes: #309739)
    [libtiff/tif_dirread.c, CAN-2005-1544]
    Thanks to Martin Pitt for the report.


Jay Berkenbilt (ejb) wrote :

Created an attachment (id=2426)
patch to place into debian/patches

This patch can be dropped into debian/patches in the package. It is a patch to
libtiff, not to the Debian tiff source package. Please see Debian bug 309739
for additional details.

Martin Pitt (pitti) wrote :

Thanks, I already have a patch for the Breezy version. I didn't upload it yet
because I have trouble building it (entirely unrelated bug, though).

Martin Pitt (pitti) wrote :

I uploaded a fixed version today.
