* SECURITY UPDATE: denial of service via invalid td_stripbytecount field
(LP: #597246)
- debian/patches/CVE-2010-2482.patch: look for missing strip byte
counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
- CVE-2010-2482
* SECURITY UPDATE: denial of service via invalid combination of
SamplesPerPixel and Photometric values (LP: #591605)
- debian/patches/CVE-2010-2483.patch: validate samplesperpixel in
libtiff/tif_getimage.c.
- CVE-2010-2483
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/CVE-2010-2595.patch: validate values in
libtiff/tif_color.c.
- CVE-2010-2595
* SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
- debian/patches/CVE-2010-2597.patch: properly initialize fields in
libtiff/tif_strip.c.
- CVE-2010-2597
- CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/CVE-2010-2630.patch: correctly handle order in
libtiff/tif_dirread.c.
- CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code execution via
heap corruption in JPEGDecodeRaw
- debian/patches/CVE-2010-3087.patch: check for overflows in
libtiff/tif_jpeg.c, libtiff/tif_strip.c.
- CVE-2010-3087
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/CVE-2011-0192.patch: check length in
libtiff/tif_fax3.h.
- CVE-2011-0192
-- Marc Deslauriers <email address hidden> Thu, 03 Mar 2011 12:16:19 -0500
This bug was fixed in the package tiff - 3.9.4-2ubuntu0.1
---------------
tiff (3.9.4-2ubuntu0.1) maverick-security; urgency=low
* SECURITY UPDATE: denial of service via invalid td_stripbytecount field
(LP: #597246)
- debian/patches/CVE-2010-2482.patch: look for missing strip byte
counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
- CVE-2010-2482
* SECURITY UPDATE: denial of service via invalid combination of
SamplesPerPixel and Photometric values (LP: #591605)
- debian/patches/CVE-2010-2483.patch: validate samplesperpixel in
libtiff/tif_getimage.c.
- CVE-2010-2483
* SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
values
- debian/patches/CVE-2010-2595.patch: validate values in
libtiff/tif_color.c.
- CVE-2010-2595
* SECURITY UPDATE: denial of service via divide-by-zero (LP: #593067)
- debian/patches/CVE-2010-2597.patch: properly initialize fields in
libtiff/tif_strip.c.
- CVE-2010-2597
- CVE-2010-2598
* SECURITY UPDATE: denial of service via out-of-order tags
- debian/patches/CVE-2010-2630.patch: correctly handle order in
libtiff/tif_dirread.c.
- CVE-2010-2630
* SECURITY UPDATE: denial of service and possible code execution via
heap corruption in JPEGDecodeRaw
- debian/patches/CVE-2010-3087.patch: check for overflows in
libtiff/tif_jpeg.c, libtiff/tif_strip.c.
- CVE-2010-3087
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in Fax4Decode
- debian/patches/CVE-2011-0192.patch: check length in
libtiff/tif_fax3.h.
- CVE-2011-0192
-- Marc Deslauriers <email address hidden> Thu, 03 Mar 2011 12:16:19 -0500