Module Name:	pkgsrc
Committed By:	salo
Date:		Wed Aug  2 15:42:25 UTC 2006

Modified Files:
	pkgsrc/graphics/tiff: Makefile distinfo
Added Files:
	pkgsrc/graphics/tiff/patches: patch-av patch-aw patch-ax patch-ay
	    patch-az patch-ba patch-bb patch-bc

Log Message:
Security fixes for SA21304:

"Some vulnerabilities have been reported in libTIFF, which can be
 exploited by malicious people to cause a DoS (Denial of Service)
 or potentially compromise a vulnerable system.

 The vulnerabilities are caused due to various heap and integer
 overflows when processing TIFF images and can be exploited via
 a specially crafted TIFF image.

 Successful exploitation allows crashing applications linked against
 libTIFF and may also allow execution of arbitrary code."

http://secunia.com/advisories/21304/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3463
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3464
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3465

Patches from Tavis Ormandy, Google Security Team via SUSE.
Bump PKGREVISION.


To generate a diff of this commit:
cvs rdiff -r1.83 -r1.84 pkgsrc/graphics/tiff/Makefile
cvs rdiff -r1.38 -r1.39 pkgsrc/graphics/tiff/distinfo
cvs rdiff -r0 -r1.5 pkgsrc/graphics/tiff/patches/patch-av \
    pkgsrc/graphics/tiff/patches/patch-aw \
    pkgsrc/graphics/tiff/patches/patch-ax
cvs rdiff -r0 -r1.3 pkgsrc/graphics/tiff/patches/patch-ay
cvs rdiff -r0 -r1.1 pkgsrc/graphics/tiff/patches/patch-az \
    pkgsrc/graphics/tiff/patches/patch-ba \
    pkgsrc/graphics/tiff/patches/patch-bb \
    pkgsrc/graphics/tiff/patches/patch-bc

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.