-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 17 Sep 2019 22:07:35 +0000 Source: tiff Architecture: source Version: 4.0.10+git190903-1 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changes: tiff (4.0.10+git190903-1) unstable; urgency=high . * Git snapshot, fixing the following security issues: - setByteArray(): avoid potential signed integer overflow, - EstimateStripByteCounts(): avoid several unsigned integer overflows, - tif_ojpeg: avoid two unsigned integer overflows, - OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile dimensions close to UINT32_MAX, - _TIFFPartialReadStripArray(): avoid unsigned integer overflow, - JPEG: avoid use of uninitialized memory on corrupted files, - TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t, - allocChoppedUpStripArrays(): avoid unsigned integer overflow, - tif_ojpeg: avoid use of uninitialized memory on edge/broken file, - ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer overflows. Checksums-Sha1: fe3839ed6f77241d8e3a04256a9d70b950f66df5 2243 tiff_4.0.10+git190903-1.dsc 799aa1eab0becbb30c0ec23be15d732f2ba75e02 1478104 tiff_4.0.10+git190903.orig.tar.xz 141a5ab6686004ec31d2fd027b1ec3e481dcc828 18668 tiff_4.0.10+git190903-1.debian.tar.xz Checksums-Sha256: 4b4db2794eb2de561e0db11e13fd8a4c77e40e4a1cfb255321b58fb173ac15a5 2243 tiff_4.0.10+git190903-1.dsc 69695bd1ba38969ac3245fbfef503aeab3ecee1b4d9b2f5ed8f6a60220e231a7 1478104 tiff_4.0.10+git190903.orig.tar.xz f4439562a7f5e365001d3434c679e8dc70a9278bfb94ee3cba82267602d987b9 18668 tiff_4.0.10+git190903-1.debian.tar.xz Files: 360d8786166a235cadcb06b6b20cf7de 2243 libs optional tiff_4.0.10+git190903-1.dsc ea00421593a3d51253e9e846627cb28f 1478104 libs optional tiff_4.0.10+git190903.orig.tar.xz 73fb27a539dc210fb7c9a0f65402e3b5 18668 libs optional tiff_4.0.10+git190903-1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl2BYlUACgkQ3OMQ54ZM yL+b/A//Xv+s+5fcqwfnW8zPFgZhH/Rpgu4fhFqz9+SRbmwbjD2CnCq9QNrKajwL /PvQM338SJYrUl2DCNhm/7KgMygGQr/+5Iq0CfC/7BFh+mBbkQCpaJbGzFZiGKhd zBH9DJgQa549LytPyN68nn+8o9bQD7t56LTVwqwyARKMuKyYiD/AcIb6VL4JeX0C EO+3unlt4gTP1ylZ6PpEwRIVu0UBx0/JkWMAXgCXboJHCePDhFGqlvlhaG8tlnlY 7SONhAVV5IsrIc8RgSim358+/NdL+dJR6G8e7jeBTGMZKtbsUqQUzwObUTx9uCnz vgFAspZqUo9+Xh2ck/fPUjj94zuOLnLjjqLM/qnBkuEiho9JV2/17bQNLjvln85V Ixdjuzs/tSK4fvZQnDjaOo4Yjis4BLhCZo+JQN1nDtVi4MsTDQmUctnbxN9b2tvj oBHwct6xFyu12rN9fXQ74EyYlg1680EQs+mtwWvokyQwwCDS5NAKOWr+JeOKC9CC VetLmxjDv/cMnXT+0GAU/1vjro9/aiXyQCoe9CpLSRjUIyrVF8mrt9rz+RuJMZQq 1pbMfOGiNT1S3NbTVxn2Pcns8Do15ZDKv8uo+o9nT1UlmUu+NIETdKwFlB2OvO9j 7CnTMG+pcFqqBfv/KpIsXZTG0clNgKcGDMQkmGqlqUW7jt6unps= =2vAB -----END PGP SIGNATURE-----