Comment 9 for bug 591605

This bug was fixed in the package tiff - 3.9.4-2ubuntu0.1

---------------
tiff (3.9.4-2ubuntu0.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid td_stripbytecount field
    (LP: #597246)
    - debian/patches/CVE-2010-2482.patch: look for missing strip byte
      counts in libtiff/tif_ojpeg.c, tools/tiffsplit.c.
    - CVE-2010-2482
  * SECURITY UPDATE: denial of service via invalid combination of
    SamplesPerPixel and Photometric values (LP: #591605)
    - debian/patches/CVE-2010-2483.patch: validate samplesperpixel in
      libtiff/tif_getimage.c.
    - CVE-2010-2483
  * SECURITY UPDATE: denial of service via invalid ReferenceBlackWhite
    values
    - debian/patches/CVE-2010-2595.patch: validate values in
      libtiff/tif_color.c.
    - CVE-2010-2595
  * SECURITY UPDATE: denial of service via devide-by-zero (LP: #593067)
    - debian/patches/CVE-2010-2597.patch: properly initialize fields in
      libtiff/tif_strip.c.
    - CVE-2010-2597
    - CVE-2010-2598
  * SECURITY UPDATE: denial of service via out-of-order tags
    - debian/patches/CVE-2010-2630.patch: correctly handle order in
      libtiff/tif_dirread.c.
    - CVE-2010-2630
  * SECURITY UPDATE: denial of service and possible code execution via
    heap corruption in JPEGDecodeRaw
    - debian/patches/CVE-2010-3087.patch: check for overflows in
      libtiff/tif_jpeg.c, libtiff/tif_strip.c.
    - CVE-2010-3087
  * SECURITY UPDATE: denial of service and possible code execution via
    buffer overflow in Fax4Decode
    - debian/patches/CVE-2011-0192.patch: check length in
      libtiff/tif_fax3.h.
    - CVE-2011-0192
 -- Marc Deslauriers <email address hidden> Thu, 03 Mar 2011 12:16:19 -0500