Format: 1.7
Date: Mon, 31 Jul 2006 18:14:59 -0400
Source: tiff
Binary: libtiff-opengl libtiffxx0c2 libtiff4 libtiff-tools libtiff4-dev
Architecture: source i386
Version: 3.8.2-6
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Jay Berkenbilt <qjb@debian.org>
Description:
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (3.8.2-6) unstable; urgency=high
 .
   * Add watch file
   * Tavis Ormandy of the Google Security Team discovered several problems
     in the TIFF library.  The Common Vulnerabilities and Exposures project
     identifies the following issues:
     - CVE-2006-3459: a stack buffer overflow via TIFFFetchShortPair() in
       tif_dirread.c
     - CVE-2006-3460: A heap overflow vulnerability was discovered in the
       jpeg decoder
     - CVE-2006-3461: A heap overflow exists in the PixarLog decoder
     - CVE-2006-3462: The NeXT RLE decoder was also vulnerable to a heap
       overflow
     - CVE-2006-3463: An infinite loop was discovered in
       EstimateStripByteCounts()
     - CVE-2006-3464: Multiple unchecked arithmetic operations were
       uncovered, including a number of the range checking operations
       designed to ensure the offsets specified in tiff directories are
       legitimate.
     - A number of codepaths were uncovered where assertions did not hold
       true, resulting in the client application calling abort()
     - CVE-2006-3465: A flaw was also uncovered in libtiff's custom tag
       support
Files:
 f231e200bc6913736ea7aa050fd131e8 750 libs optional tiff_3.8.2-6.dsc
 414aae96da370e0a568595b965da0941 16816 libs optional tiff_3.8.2-6.diff.gz
 00408aae1d1f874292fa6e3b229def96 482816 libs optional libtiff4_3.8.2-6_i386.deb
 499d675c610ffe9f2cd73b752a11fbfb 4910 libs optional libtiffxx0c2_3.8.2-6_i386.deb
 bac219bdbc38435de5cdcde13bf89f11 233226 libdevel optional libtiff4-dev_3.8.2-6_i386.deb
 6015bde569e79868e53b0bba166b8702 175508 graphics optional libtiff-tools_3.8.2-6_i386.deb
 ac819d92b58c076938ebfa13ed2c1f37 9738 graphics optional libtiff-opengl_3.8.2-6_i386.deb

Accepted:
libtiff-opengl_3.8.2-6_i386.deb
  to pool/main/t/tiff/libtiff-opengl_3.8.2-6_i386.deb
libtiff-tools_3.8.2-6_i386.deb
  to pool/main/t/tiff/libtiff-tools_3.8.2-6_i386.deb
libtiff4-dev_3.8.2-6_i386.deb
  to pool/main/t/tiff/libtiff4-dev_3.8.2-6_i386.deb
libtiff4_3.8.2-6_i386.deb
  to pool/main/t/tiff/libtiff4_3.8.2-6_i386.deb
libtiffxx0c2_3.8.2-6_i386.deb
  to pool/main/t/tiff/libtiffxx0c2_3.8.2-6_i386.deb
tiff_3.8.2-6.diff.gz
  to pool/main/t/tiff/tiff_3.8.2-6.diff.gz
tiff_3.8.2-6.dsc
  to pool/main/t/tiff/tiff_3.8.2-6.dsc