
Accepted tiff 4.0.3-12.3+deb8u6 (source all amd64) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 02 Jul 2018 13:04:59 +0200
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u6
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 869823 890441 891288 893806 898348
Changes:
 tiff (4.0.3-12.3+deb8u6) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-11613: DoS vulnerability
     A crafted input will lead to a denial of service attack. During the
     TIFFOpen process, td_imagelength is not checked. The value of
     td_imagelength can be directly controlled by an input file. In the
     ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is
     called based on td_imagelength. If the value of td_imagelength is set close
     to the amount of system memory, it will hang the system or trigger the OOM
     killer. (Closes: #869823)
   * Fix CVE-2018-10963: DoS vulnerability
     The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF allows
     remote attackers to cause a denial of service (assertion failure and
     application crash) via a crafted file, a different vulnerability than
     CVE-2017-13726. (Closes: #898348)
   * Fix CVE-2018-5784: DoS vulnerability
     In LibTIFF, there is an uncontrolled resource consumption in the
     TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage
     this vulnerability to cause a denial of service via a crafted tif file.
     This occurs because the declared number of directory entries is not
     validated against the actual number of directory entries. (Closes: #890441)
   * Fix CVE-2018-7456: NULL Pointer Dereference
     A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in
     tif_print.c in LibTIFF when using the tiffinfo tool to print crafted
     TIFF information, a different vulnerability than CVE-2017-18013. (This
     affects an earlier part of the TIFFPrintDirectory function that was not
     addressed by the CVE-2017-18013 patch.) (Closes: #891288)
   * Fix CVE-2018-8905: Heap-based buffer overflow
     In LibTIFF, a heap-based buffer overflow occurs in the function
     LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by
     tiff2ps. (Closes: #893806)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

