Viewing all changes in revision 6.
- Committer: Bazaar Package Importer
- Date: 2006-06-02 18:15:30 UTC
- Revision ID: james.westby@ubuntu.com-20060602181530-nbr03qubm5k6o6fg
* SECURITY UPDATE: Arbitrary command execution with crafted long file names.
* Add debian/patches/tiffsplit-fname-overflow.patch:
- tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
user-specified file name into a statically sized buffer.
- CVE-2006-2656
* Add debian/patches/tiff2pdf-octal-printf.patch:
- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
signed char (it printed a signed integer, which overflew the buffer and
was wrong anyway).
* Add debian/patches/tiffsplit-fname-overflow.patch:
- tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
user-specified file name into a statically sized buffer.
- CVE-2006-2656
* Add debian/patches/tiff2pdf-octal-printf.patch:
- tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
signed char (it printed a signed integer, which overflew the buffer and
was wrong anyway).
expand all
collapse all
added
removed
