Accepted tiff 4.0.3-12.3+deb8u8 (source all amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 18 Feb 2019 17:11:10 +1100
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u8
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Brian May <bam@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.3-12.3+deb8u8) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2018-19210: NULL pointer dereference
     There is a NULL pointer dereference in the TIFFWriteDirectorySec function
     in tif_dirwrite.c that will lead to a denial of service attack, as
     demonstrated by tiffset.
   * Fix CVE-2018-17000 CVE-2019-7663: NULL pointer dereference
     A NULL pointer dereference in the function _TIFFmemcmp at tif_unix.c (called
     from TIFFWriteDirectoryTagTransferfunction) allows an attacker
     to cause a denial-of-service through a crafted tiff file. This vulnerability
     can be triggered by the executable tiffcp.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----