Committer: Bazaar Package Importer
Author(s): Martin Pitt
Date: 2006-06-02 18:15:30 UTC
Revision ID: james.westby@ubuntu.com-20060602181530-nbr03qubm5k6o6fg
Tags: 3.7.4-1ubuntu3.1
* SECURITY UPDATE: Arbitrary command execution with crafted long file names.
* Add debian/patches/tiffsplit-fname-overflow.patch:
  - tools/tiffsplit.c: Use snprintf instead of strcpy for copying the
    user-specified file name into a statically sized buffer.
  - CVE-2006-2656
* Add debian/patches/tiff2pdf-octal-printf.patch:
  - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal
    signed char (it printed a signed integer, which overflowed the buffer and
    was wrong anyway).
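
The tiff2pdf item above describes an octal printf applied to a signed char. The following C sketch is an added illustration, not the patch or any code from tools/tiff2pdf.c: it measures how many characters the signed and unsigned forms produce and shows a bounded escaper. All function names are hypothetical, and a 32-bit `int` is assumed.

```c
#include <stdio.h>
#include <stddef.h>

/* Added illustration; names are hypothetical, not from tools/tiff2pdf.c. */

/* Characters "\\%.3o" yields when a signed char is promoted to int and the
 * result is read by %o as unsigned int (modelled here with explicit casts).
 * snprintf(NULL, 0, ...) only measures; nothing is written. */
int octal_len_signed(signed char c)
{
    return snprintf(NULL, 0, "\\%.3o", (unsigned int)(int)c);
}

/* Same measurement with the byte converted to unsigned char first. */
int octal_len_unsigned(char c)
{
    return snprintf(NULL, 0, "\\%.3o", (unsigned int)(unsigned char)c);
}

/* Bounded escaper: bytes >= 0x80 become \ooo, all others are copied.
 * Returns characters written (excluding NUL), or -1 if dst is too small. */
int escape_high_bytes(char *dst, size_t dstlen, const char *src, size_t srclen)
{
    size_t used = 0;
    if (dstlen == 0)
        return -1;
    dst[0] = '\0';
    for (size_t i = 0; i < srclen; i++) {
        unsigned char b = (unsigned char)src[i];
        int n = (b & 0x80)
            ? snprintf(dst + used, dstlen - used, "\\%.3o", (unsigned int)b)
            : snprintf(dst + used, dstlen - used, "%c", b);
        if (n < 0 || (size_t)n >= dstlen - used)
            return -1;          /* would not fit: refuse instead of truncating */
        used += (size_t)n;
    }
    return (int)used;
}

int main(void)
{
    /* Byte 0xFF: 12 characters when treated as signed, 4 when unsigned. */
    printf("signed: %d chars, unsigned: %d chars\n",
           octal_len_signed((signed char)-1), octal_len_unsigned((char)-1));
    return 0;
}
```

A buffer sized for a backslash plus three octal digits holds the unsigned form but not the sign-extended one, which is the overflow the changelog entry refers to.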