-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 02 Feb 2019 18:34:29 +0000 Source: tiff Architecture: source Version: 4.0.10-4 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Closes: 902718 908778 913675 921157 Changes: tiff (4.0.10-4) unstable; urgency=high . * Backport security fixes: - CVE-2018-12900: heap-based buffer overflow in cpSeparateBufToContigBuf() cause remote DoS (closes: #902718), - CVE-2018-17000: NULL pointer dereference in _TIFFmemcmp() cause DoS (closes: #908778), - CVE-2018-19210: NULL pointer dereference in TIFFWriteDirectorySec() cause DoS (closes: #913675), - CVE-2019-6128: TIFFFdOpen() memory leak (closes: #921157). * Update watch file. * Update Standards-Version to 4.3.0 . Checksums-Sha1: fd2d79ee73e8fda214410ba2cba13b24b848e43a 2173 tiff_4.0.10-4.dsc dde956fd05e3e6692415d5f20ff60ee6628d4b51 21580 tiff_4.0.10-4.debian.tar.xz 58d0e8826c69414ada678a83b516ccbc21652b3d 12301 tiff_4.0.10-4_amd64.buildinfo Checksums-Sha256: 3c5d339cd5dbb59c1e97bf8687c36e0ed75aefe79fc248f749931897060a641e 2173 tiff_4.0.10-4.dsc eed80359456ae1437426be3894ed594ac6d6051306afee6093abdc65a07887b0 21580 tiff_4.0.10-4.debian.tar.xz 1987e6a2a6663329e4a392520197720df46d9c0fa874080942a82f607db871af 12301 tiff_4.0.10-4_amd64.buildinfo Files: 686f89cb05d7cd2df787834c09cfdfbb 2173 libs optional tiff_4.0.10-4.dsc 527aa96aafa8ef13bd81ace4b0812da6 21580 libs optional tiff_4.0.10-4.debian.tar.xz 14f213a51a89f8e0c73d672387de1fb4 12301 libs optional tiff_4.0.10-4_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlxWDVIACgkQ3OMQ54ZM yL90vA/+Oy5yQQvux23pGN5ycpEm70GouG30NvVebcy6PQM/lihu+t2u3YxJE7nj KgtUX80p+qfBzaji9EfaI3xSW3OGa1AMfx1B0/NL8uqdm5hiGathCvLJLsXrx9Qi CH7MleH3OzCDIlzJYAnm6/OCkw7RijBCN/1szavVjBud3f4jBVODF0/MfCHoekCm GxbBeSLf+kgQTj1ej0s3/3rvWeoAki/wY8Ym6RuP2VEepMCbF8SbeWCHJJ6RLzze vz2sJIxUOyg0vIeMBikDJwku6YfmyLMrM42EOxfuewUhqmyqZWUDcN0XZQmkel3u 1HfCwG7mquVF8UHJYdVbBGOKh5EOo1/2nL/vbyYhrUZyPnQl7ppZFIAYq9w/WE+8 MmJVxx2oyYI1g8GiSymEgfIWif4XfykICNcKYvdnSk1pcZD4DqI+RIiEZaPTRBqw uqWCRSrwBC65p3YSO0tdWG7kWeZNz8YMobaoK5QXMiEm/WPFfe4T4E7DcPj7Zn68 smCxmRCG9jQSI6Vl4GT+1+v5Ibg5NE256PlgWJ3bwpUUwqjcAgBBV6Vv08iJBtxS XkjFE5/niyssy7QpWH1M7XygIeZUe814SKMhgMhjzmxvZNQ0I+SPrzqiznRKMN1x eBI7pQLXbBqRPg8zY1v+VtSN6LcBANzfWt5rTWVUVGArWGz/J5I= =vejK -----END PGP SIGNATURE-----