
Accepted tiff 4.0.3-12.3+deb8u3 (source all amd64) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 21 Apr 2017 20:22:02 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 783555 818360
Changes:
 tiff (4.0.3-12.3+deb8u3) jessie-security; urgency=high
 .
   * Backport fix for the following vulnerabilities:
     - CVE-2014-8127 and CVE-2016-3658: out-of-bounds read in the tiffset tool,
     - CVE-2016-9535: replace assertions by runtime checks to avoid assertions
       in debug mode, or buffer overflows in release mode,
     - CVE-2016-10266: divide-by-zero in TIFFReadEncodedStrip,
     - CVE-2016-10267: divide-by-zero in OJPEGDecodeRaw,
     - CVE-2016-10269: heap-based buffer overflow in _TIFFmemcpy,
     - CVE-2016-10270: heap-based buffer overflow in TIFFFillStrip,
     - CVE-2017-5225: heap buffer overflow via a crafted BitsPerSample value,
     - CVE-2017-7592: left-shift undefined behavior issue in putagreytile,
     - CVE-2017-7593: uninitialized-memory access from tif_rawdata,
     - CVE-2017-7594: leak in OJPEGReadHeaderInfoSecTablesAcTable,
     - CVE-2017-7595: divide-by-zero in JPEGSetupEncode,
     - CVE-2017-7596, CVE-2017-7597, CVE-2017-7598, CVE-2017-7599,
       CVE-2017-7600, CVE-2017-7601 and CVE-2017-7602: multiple UBSAN crashes.
   * Add required _TIFFcalloc@LIBTIFF_4.0 symbol to the libtiff5 package.
 .
   [ Tobias Lippert <lippertto_oss@fastmail.com> ]
   * Fix a regression introduced by patch CVE-2014-8128-5 where enabling
     compression of tif files results in corrupt files
     (closes: #783555, #818360).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

