* SECURITY UPDATE: Arbitrary command execution with crafted TIF files.
* Add debian/patches/tiff2pdf-octal-printf.patch:
  - tools/tiff2pdf.c: Fix buffer overflow due to wrong printf for octal signed char (it printed a signed integer, which overflowed the buffer and was wrong anyway).
  - CVE-2006-2193

diff -ruN tiff-3.7.4-old/tools/tiff2pdf.c tiff-3.7.4/tools/tiff2pdf.c --- tiff-3.7.4-old/tools/tiff2pdf.c 2005-06-23 15:30:28.000000000 +0200 +++ tiff-3.7.4/tools/tiff2pdf.c 2006-06-02 18:15:11.000000000 +0200 @@ -3758,7 +3758,7 @@ written += TIFFWriteFile(output, (tdata_t) "(", 1); for (i=0;i<len;i++){ if((pdfstr[i]&0x80) || (pdfstr[i]==127) || (pdfstr[i]<32)){ - sprintf(buffer, "\\%.3o", pdfstr[i]); + sprintf(buffer, "\\%.3hho", pdfstr[i]); written += TIFFWriteFile(output, (tdata_t) buffer, 4); } else { switch (pdfstr[i]){
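
Review bot: the corrected call on the `+` line depends on the C99 `hh` length modifier, so on a C library whose printf does not implement it the argument may still be formatted as a sign-extended int and yield more than three octal digits. Casting the argument makes the fix independent of libc support: `sprintf(buffer, "\\%.3o", (unsigned char)pdfstr[i]);`. The call also remains an unbounded sprintf, and the declaration of `buffer` is not visible in this hunk; since the following TIFFWriteFile always writes exactly 4 bytes, switching to snprintf with the buffer's actual size would keep any later format mistake from writing past the end.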