Format: 1.8
Date: Tue, 26 Nov 2019 19:03:02 +0100
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u10
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.3-12.3+deb8u10) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2019-17546
     The RGBA interface contains an integer overflow that might
     lead to heap buffer overflow write.
   * CVE-2019-6128
     memory leak due to missing cleanup code
   * CVE-2018-18661
     In case of exhausted memory there is a null pointer dereference
     in tiff2bw.
   * CVE-2018-12900
     Fix for heap-based buffer overflow, that could be used to crash an
     application or even to execute arbitrary code (with the permission
     of the user running this application).
   * CVE-2017-17095
     A crafted tiff file could lead to a heap buffer overflow in pal2rgb.