Accepted tiff 4.0.2-6+deb7u9 (source all amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 17 Jan 2017 15:05:14 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.2-6+deb7u9
Distribution: wheezy-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 846837
Changes:
 tiff (4.0.2-6+deb7u9) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2016-3622: The fpAcc function in tif_predict.c in the tiff2rgba
     tool in LibTIFF 4.0.6 and earlier allows remote attackers to cause a
     denial of service (divide-by-zero error) via a crafted TIFF image.
   * CVE-2016-3623: The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows
     remote attackers to cause a denial of service (divide-by-zero) by
     setting the (1) v or (2) h parameter to 0. (Fixed along with CVE-2016-3624.)
   * CVE-2016-3624: The cvtClump function in the rgb2ycbcr tool in
     LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial
     of service (out-of-bounds write) by setting the "-v" option to -1.
   * CVE-2016-3945: Multiple integer overflows in the (1) cvt_by_strip
     and (2) cvt_by_tile functions in the tiff2rgba tool in LibTIFF 4.0.6
     and earlier, when -b mode is enabled, allow remote attackers to
     cause a denial of service (crash) or execute arbitrary code via a
     crafted TIFF image, which triggers an out-of-bounds write.
   * CVE-2016-3990: Heap-based buffer overflow in the
     horizontalDifference8 function in tif_pixarlog.c in LibTIFF 4.0.6
     and earlier allows remote attackers to cause a denial of service
     (crash) or execute arbitrary code via a crafted TIFF image to
     tiffcp.
   * CVE-2016-9533: tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write
     vulnerabilities in heap allocated buffers. Reported as MSVR 35094, aka
     "PixarLog horizontalDifference heap-buffer-overflow."
   * CVE-2016-9534: tif_write.c in libtiff 4.0.6 has an issue in the error
     code path of TIFFFlushData1() that didn't reset the tif_rawcc and
     tif_rawcp members. Reported as MSVR 35095, aka "TIFFFlushData1
     heap-buffer-overflow."
   * CVE-2016-9535: tif_predict.h and tif_predict.c in libtiff 4.0.6 have
     assertions that can lead to assertion failures in debug mode, or
     buffer overflows in release mode, when dealing with unusual tile size
     like YCbCr with subsampling. Reported as MSVR 35105, aka "Predictor
     heap-buffer-overflow."
   * CVE-2016-9536: tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds
     write vulnerabilities in heap allocated buffers in
     t2p_process_jpeg_strip(). Reported as MSVR 35098, aka
     "t2p_process_jpeg_strip heap-buffer-overflow."
   * CVE-2016-9537: tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds
     write vulnerabilities in buffers. Reported as MSVR 35093, MSVR 35096,
     and MSVR 35097.
   * CVE-2016-9538: tools/tiffcrop.c in libtiff 4.0.6 reads an undefined
     buffer in readContigStripsIntoBuffer() because of a uint16 integer
     overflow. Reported as MSVR 35100.
   * CVE-2016-9540: tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds
     write on tiled images with odd tile width versus image width.
     Reported as MSVR 35103, aka cpStripToTile heap-buffer-overflow.
   * CVE-2016-10092: heap-buffer-overflow in tiffcrop
   * CVE-2016-10093: uint32 underflow/overflow that can cause heap-based
     buffer overflow in tiffcp
   * CVE-2017-5225: LibTIFF version 4.0.7 is vulnerable to a heap buffer
     overflow in the tools/tiffcp resulting in DoS or code execution via
     a crafted BitsPerSample value.
   * heap-based buffer overflow in TIFFFillStrip (tif_read.c) (Closes:
     846837)
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----