~ubuntu-branches/ubuntu/vivid/tiff/vivid-proposed

Committer: Package Import Robot
Author(s): Michael Gilbert
Date: 2013-06-17 01:27:17 UTC
Revision ID: package-import@ubuntu.com-20130617012717-s4yksbuv0ri97x5g

Tags: 4.0.2-6+nmu1

http://bugs.debian.org/706675

http://bugs.debian.org/706674

* Non-maintainer upload by the Security Team.
* Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
(closes: #706675).
* Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
(closes: #706674).

files added:
.pc/CVE-2013-1960.patch

.pc/CVE-2013-1960.patch/tools

.pc/CVE-2013-1960.patch/tools/tiff2pdf.c

.pc/CVE-2013-1961.patch

.pc/CVE-2013-1961.patch/contrib

.pc/CVE-2013-1961.patch/contrib/dbs

.pc/CVE-2013-1961.patch/contrib/dbs/xtiff

.pc/CVE-2013-1961.patch/contrib/dbs/xtiff/xtiff.c

.pc/CVE-2013-1961.patch/libtiff

.pc/CVE-2013-1961.patch/libtiff/tif_codec.c

.pc/CVE-2013-1961.patch/libtiff/tif_dirinfo.c

.pc/CVE-2013-1961.patch/tools

.pc/CVE-2013-1961.patch/tools/rgb2ycbcr.c

.pc/CVE-2013-1961.patch/tools/tiff2bw.c

.pc/CVE-2013-1961.patch/tools/tiff2pdf.c

.pc/CVE-2013-1961.patch/tools/tiff2ps.c

.pc/CVE-2013-1961.patch/tools/tiffcrop.c

.pc/CVE-2013-1961.patch/tools/tiffdither.c

debian/patches/CVE-2013-1960.patch

debian/patches/CVE-2013-1961.patch

files modified:
.pc/applied-patches

contrib/dbs/xtiff/xtiff.c

debian/changelog

debian/patches/series

libtiff/tif_codec.c

libtiff/tif_dirinfo.c

tools/rgb2ycbcr.c

tools/tiff2bw.c

tools/tiff2pdf.c

tools/tiff2ps.c

tools/tiffcrop.c

tools/tiffdither.c

Show diffs side-by-side

added added

removed removed

tools/tiff2bw.c

205

}

206

}

207

TIFFSetField(out, TIFFTAG_PHOTOMETRIC, PHOTOMETRIC_MINISBLACK);

208

sprintf(thing, "B&W version of %s", argv[optind]);

208

snprintf(thing, sizeof(thing), "B&W version of %s", argv[optind]);

209

TIFFSetField(out, TIFFTAG_IMAGEDESCRIPTION, thing);

210

TIFFSetField(out, TIFFTAG_SOFTWARE, "tiff2bw");

211

outbuf = (unsigned char *)_TIFFmalloc(TIFFScanlineSize(out));

Older »