pkgsrc-changes: CVS commit: [pkgsrc-2006Q1] pkgsrc/graphics/tiff

Subject: CVS commit: [pkgsrc-2006Q1] pkgsrc/graphics/tiff
To: None <pkgsrc-changes@NetBSD.org>
From: Soren Jacobsen <snj@netbsd.org>
List: pkgsrc-changes
Date: 06/09/2006 07:29:35

Module Name:	pkgsrc
Committed By:	snj
Date:		Fri Jun  9 07:29:35 UTC 2006

Modified Files:
	pkgsrc/graphics/tiff [pkgsrc-2006Q1]: Makefile PLIST distinfo
Added Files:
	pkgsrc/graphics/tiff/patches [pkgsrc-2006Q1]: patch-au

Log Message:
Pullup ticket 1694 - requested by salo
security update/fix for tiff

Revisions pulled up:
- pkgsrc/graphics/tiff/Makefile		1.79, 1.80, 1.82
- pkgsrc/graphics/tiff/distinfo		1.37-1.38
- pkgsrc/graphics/tiff/PLIST		1.10
- pkgsrc/graphics/tiff/patches/patch-au	1.5

   Module Name:	pkgsrc
   Committed By:	drochner
   Date:		Fri Mar 31 14:31:03 UTC 2006

   Modified Files:
   	pkgsrc/graphics/tiff: Makefile distinfo

   Log Message:
   update to 3.8.2
   changes: bugfixes
---
   Module Name:	pkgsrc
   Committed By:	uebayasi
   Date:		Wed Apr  5 07:04:18 UTC 2006

   Modified Files:
   	pkgsrc/graphics/tiff: Makefile PLIST

   Log Message:
   A missing entry in PLIST, found by ftp://ftp.NetBSD.org/pub/pkgsrc/misc/kristerw
   /pkgstat/i386-2.1/20060404.0711/graphics/tiff/.broken.html.

   Reviewed By:	reed
---
   Module Name:	pkgsrc
   Committed By:	salo
   Date:		Thu Jun  8 11:05:14 UTC 2006

   Modified Files:
   	pkgsrc/graphics/tiff: Makefile distinfo
   Added Files:
   	pkgsrc/graphics/tiff/patches: patch-au

   Log Message:
   Security fix for CVE-2006-2193:

   "A vulnerability in LibTIFF can be exploited by malicious people to
    cause a DoS (Denial of Service) and potentially compromise a user's
    system.

    The vulnerability is caused due to a boundary error within tiff2pdf
    when handling a TIFF file with a "DocumentName" tag that contains
    UTF-8 characters.  This can be exploited to cause a stack-based buffer
    overflow and may allow arbitrary code execution."

   http://secunia.com/advisories/20488/
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2193

   Patch from Ubuntu.


To generate a diff of this commit:
cvs rdiff -r1.78 -r1.78.2.1 pkgsrc/graphics/tiff/Makefile
cvs rdiff -r1.9 -r1.9.2.1 pkgsrc/graphics/tiff/PLIST
cvs rdiff -r1.36 -r1.36.2.1 pkgsrc/graphics/tiff/distinfo
cvs rdiff -r0 -r1.4.4.1 pkgsrc/graphics/tiff/patches/patch-au

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.