Hi!

This has been assigned CVE-2006-2193. This is the Ubuntu patch:

http://patches.ubuntu.com/patches/tiff.tiff2pdf-octal-printf.patch

which fixes the sprintf to use a char-sized number instead of an integer-sized, so that e.g. -1 ends up as \377 instead of \37777777777, and the 5-byte buffer isn't overflowed. (Patch contains our changelog in the header).

Thanks,

Martin

--
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org

In a world without walls and fences, who needs Windows and Gates?
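The size difference described in the message, as an added example that is not part of the original mail or of the tiff2pdf source. It measures the escape with `snprintf` instead of writing it, then shows a bounded writer. The format string `"\\%.3o"`, the function names and the sample bytes are assumptions made for illustration, and the integer-sized result assumes a 32-bit `unsigned int`.

```c
#include <stdio.h>
#include <string.h>

#define ESC_BUF 5  /* buffer size named in the message: backslash + 3 digits + NUL */

/* Length (without NUL) that the integer-sized conversion would produce.
 * snprintf with size 0 only measures, so nothing is overflowed here. */
static int escape_len_int_sized(signed char c)
{
    /* signed char -> unsigned int models the sign-extended value %o prints */
    return snprintf(NULL, 0, "\\%.3o", (unsigned int)c);
}

/* Length with the value narrowed to one byte first. */
static int escape_len_char_sized(signed char c)
{
    return snprintf(NULL, 0, "\\%.3o", (unsigned int)(unsigned char)c);
}

/* Bounded writer: returns 0 on success, -1 if the escape would not fit. */
static int write_octal_escape(char *dst, size_t dstlen, signed char c)
{
    int n = snprintf(dst, dstlen, "\\%.3o", (unsigned int)(unsigned char)c);
    return (n < 0 || (size_t)n >= dstlen) ? -1 : 0;
}

int main(void)
{
    char buf[ESC_BUF];
    signed char samples[] = { 'A', 0x7f, -1, -128 };  /* constructed inputs */

    for (size_t i = 0; i < sizeof samples; i++) {
        write_octal_escape(buf, sizeof buf, samples[i]);
        printf("%4d: int-sized needs %2d bytes, char-sized needs %d bytes -> %s\n",
               samples[i],
               escape_len_int_sized(samples[i]) + 1,
               escape_len_char_sized(samples[i]) + 1,
               buf);
    }
    return 0;
}
```

Any byte with the high bit set takes the long path on platforms where plain `char` is signed, so non-ASCII input is enough to hit it.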