Accepted tiff 3.8.2-6 (source i386)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 31 Jul 2006 18:14:59 -0400
Source: tiff
Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev
Architecture: source i386
Version: 3.8.2-6
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Jay Berkenbilt <qjb@debian.org>
Description:
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff4 - Tag Image File Format (TIFF) library
libtiff4-dev - Tag Image File Format library (TIFF), development files
libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
tiff (3.8.2-6) unstable; urgency=high
.
* Add watch file
* Tavis Ormandy of the Google Security Team discovered several problems
in the TIFF library. The Common Vulnerabilities and Exposures project
identifies the following issues:
- CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
tif_dirread.c
- CVE-2006-3460: A heap overflow vulnerability was discovered in the
jpeg decoder
- CVE-2006-3461: A heap overflow exists in the PixarLog decoder
- CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
overflow
- CVE-2006-3463: An infinite loop was discovered in
EstimateStripByteCounts()
- CVE-2006-3464: Multiple unchecked arithmetic operations were
uncovered, including a number of the range checking operations
designed to ensure the offsets specified in tiff directories are
legitimate.
- A number of codepaths were uncovered where assertions did not hold
true, resulting in the client application calling abort()
- CVE-2006-3465: A flaw was also uncovered in libtiff's custom tag
support
Files:
f231e200bc6913736ea7aa050fd131e8 750 libs optional tiff_3.8.2-6.dsc
414aae96da370e0a568595b965da0941 16816 libs optional tiff_3.8.2-6.diff.gz
00408aae1d1f874292fa6e3b229def96 482816 libs optional libtiff4_3.8.2-6_i386.deb
499d675c610ffe9f2cd73b752a11fbfb 4910 libs optional libtiffxx0c2_3.8.2-6_i386.deb
bac219bdbc38435de5cdcde13bf89f11 233226 libdevel optional libtiff4-dev_3.8.2-6_i386.deb
6015bde569e79868e53b0bba166b8702 175508 graphics optional libtiff-tools_3.8.2-6_i386.deb
ac819d92b58c076938ebfa13ed2c1f37 9738 graphics optional libtiff-opengl_3.8.2-6_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFEzoleEBVk6taI4KcRAmc7AJ9QS/is9uXHuGMfWm4KCAIMjqrNuQCdF/k2
KWv70ndWM4A/3xn/TceYe+s=
=vPOJ
-----END PGP SIGNATURE-----
Accepted:
libtiff-opengl_3.8.2-6_i386.deb
to pool/main/t/tiff/libtiff-opengl_3.8.2-6_i386.deb
libtiff-tools_3.8.2-6_i386.deb
to pool/main/t/tiff/libtiff-tools_3.8.2-6_i386.deb
libtiff4-dev_3.8.2-6_i386.deb
to pool/main/t/tiff/libtiff4-dev_3.8.2-6_i386.deb
libtiff4_3.8.2-6_i386.deb
to pool/main/t/tiff/libtiff4_3.8.2-6_i386.deb
libtiffxx0c2_3.8.2-6_i386.deb
to pool/main/t/tiff/libtiffxx0c2_3.8.2-6_i386.deb
tiff_3.8.2-6.diff.gz
to pool/main/t/tiff/tiff_3.8.2-6.diff.gz
tiff_3.8.2-6.dsc
to pool/main/t/tiff/tiff_3.8.2-6.dsc