Subject: CVS commit: [pkgsrc-2006Q2] pkgsrc/graphics/tiff
To: None <pkgsrc-changes@NetBSD.org>
From: Geert Hendrickx <ghen@netbsd.org>
List: pkgsrc-changes
Date: 08/02/2006 17:56:46
Module Name: pkgsrc
Committed By: ghen
Date: Wed Aug 2 17:56:46 UTC 2006
Modified Files:
    pkgsrc/graphics/tiff [pkgsrc-2006Q2]: Makefile distinfo
Added Files:
    pkgsrc/graphics/tiff/patches [pkgsrc-2006Q2]: patch-av patch-aw
        patch-ax patch-ay patch-az patch-ba patch-bb patch-bc
Log Message:
Pullup ticket 1774 - requested by salo
security fix for tiff
Revisions pulled up:
- pkgsrc/graphics/tiff/Makefile 1.84
- pkgsrc/graphics/tiff/distinfo 1.39
- pkgsrc/graphics/tiff/patches/patch-av 1.5
- pkgsrc/graphics/tiff/patches/patch-aw 1.5
- pkgsrc/graphics/tiff/patches/patch-ax 1.5
- pkgsrc/graphics/tiff/patches/patch-ay 1.3
- pkgsrc/graphics/tiff/patches/patch-az 1.1
- pkgsrc/graphics/tiff/patches/patch-ba 1.1
- pkgsrc/graphics/tiff/patches/patch-bb 1.1
- pkgsrc/graphics/tiff/patches/patch-bc 1.1
Module Name: pkgsrc
Committed By: salo
Date: Wed Aug 2 15:42:25 UTC 2006
Modified Files:
    pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
    pkgsrc/graphics/tiff/patches: patch-av patch-aw patch-ax patch-ay
        patch-az patch-ba patch-bb patch-bc
Log Message:
Security fixes for SA21304:
"Some vulnerabilities have been reported in libTIFF, which can be
exploited by malicious people to cause a DoS (Denial of Service)
or potentially compromise a vulnerable system.
The vulnerabilities are caused due to various heap and integer
overflows when processing TIFF images and can be exploited via
a specially crafted TIFF image.
Successful exploitation allows crashing applications linked against
libTIFF and may also allow execution of arbitrary code."
http://secunia.com/advisories/21304/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465
Patches from Tavis Ormandy, Google Security Team via SUSE.
Bump PKGREVISION.
To generate a diff of this commit:
cvs rdiff -r1.83 -r1.83.2.1 pkgsrc/graphics/tiff/Makefile
cvs rdiff -r1.38 -r1.38.2.1 pkgsrc/graphics/tiff/distinfo
cvs rdiff -r0 -r1.4.6.1 pkgsrc/graphics/tiff/patches/patch-av \
    pkgsrc/graphics/tiff/patches/patch-aw \
    pkgsrc/graphics/tiff/patches/patch-ax
cvs rdiff -r0 -r1.2.6.1 pkgsrc/graphics/tiff/patches/patch-ay
cvs rdiff -r0 -r1.1.2.1 pkgsrc/graphics/tiff/patches/patch-az \
    pkgsrc/graphics/tiff/patches/patch-ba \
    pkgsrc/graphics/tiff/patches/patch-bb \
    pkgsrc/graphics/tiff/patches/patch-bc
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.