Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 11
1 files changed, 11 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 63a8d0ac..de90dac3 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2012-06-15 Tom Lane <tgl@sss.pgh.pa.us>
+
+ * libtiff/tif_strip.c, libtiff/tif_tile.c: Back-patch the 4.0
+ behavior of treating signed overflow as an error in TIFFVStripSize
+ and TIFFVTileSize. This is needed since the result is declared as
+ tsize_t which is signed, and callers are likely to do the wrong
+ thing entirely when the returned value is negative (CVE-2012-2088).
+
+ * tools/tiff2pdf.c: Defend against integer overflows while
+ calculating required buffer sizes (CVE-2012-2113).
+
2012-06-04 Frank Warmerdam <warmerdam@google.com>
* libtiff/tif_dirread.c: Avoid trusting samplesperpixel's default
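Review bot: The first new item (libtiff/tif_strip.c, libtiff/tif_tile.c) says signed overflow is now treated as an error in TIFFVStripSize and TIFFVTileSize, but it does not say what value the functions return in that case. Since the stated motivation is that callers do the wrong thing with a negative tsize_t, the entry should name the error return so callers know what to check for. The tools/tiff2pdf.c item names no functions, unlike the first item; listing the routines whose buffer-size calculations changed would make the CVE-2012-2113 fix easier to audit and back-port.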