Subject: CVS commit: pkgsrc/graphics/tiff
To: None <pkgsrc-changes@NetBSD.org>
From: Lubomir Sedlacik <salo@netbsd.org>
List: pkgsrc-changes
Date: 06/08/2006 11:05:14
Module Name: pkgsrc
Committed By: salo
Date: Thu Jun 8 11:05:14 UTC 2006
Modified Files:
pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
pkgsrc/graphics/tiff/patches: patch-au
Log Message:
Security fix for CVE-2006-2193:
"A vulnerability in LibTIFF can be exploited by malicious people to
cause a DoS (Denial of Service) and potentially compromise a user's
system.
The vulnerability is caused due to a boundary error within tiff2pdf
when handling a TIFF file with a "DocumentName" tag that contains
UTF-8 characters. This can be exploited to cause a stack-based buffer
overflow and may allow arbitrary code execution."
http://secunia.com/advisories/20488/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193
Patch from Ubuntu.
To generate a diff of this commit:
cvs rdiff -r1.81 -r1.82 pkgsrc/graphics/tiff/Makefile
cvs rdiff -r1.37 -r1.38 pkgsrc/graphics/tiff/distinfo
cvs rdiff -r0 -r1.5 pkgsrc/graphics/tiff/patches/patch-au
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.