-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 02 Jan 2016 09:18:06 +0100 Source: tiff Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source all amd64 Version: 4.0.3-12.3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Ondřej Surý <ondrej@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Closes: 808968 809021 Changes: tiff (4.0.3-12.3+deb8u1) jessie-security; urgency=high . * Backport upstream fixes for: - CVE-2015-8665 an out-of-bound read in TIFFRGBAImage interface (closes: #808968), - CVE-2015-8683 an out-of-bounds read in CIE Lab image format (closes: #809021), - CVE-2015-8781 out of bounds write at tif_luv.c:208, - CVE-2015-8782 potential out-of-bound writes in decode, - CVE-2015-8783 potential out-of-bound reads in case of short input data, - CVE-2015-8784 potential out-of-bound write in NeXTDecode(). Checksums-Sha1: 1592d69661d4bffeb0924770cadb0280dc6c6bfd 2226 tiff_4.0.3-12.3+deb8u1.dsc 652e97b78f1444237a82cbcfe014310e776eb6f0 2051630 tiff_4.0.3.orig.tar.gz 16b525b3b71102ba1992427c85ffea6d5fa7044a 31764 tiff_4.0.3-12.3+deb8u1.debian.tar.xz 59f99a67bd84376b1bf6956334e7288c98d70fb2 363528 libtiff-doc_4.0.3-12.3+deb8u1_all.deb 2f42ea521422199af07572678f573bb86c438138 213448 libtiff5_4.0.3-12.3+deb8u1_amd64.deb 017e23930fa66c217d579e4a4a930df5267279df 74990 libtiffxx5_4.0.3-12.3+deb8u1_amd64.deb 6340bab6581ae5f9bfabbb338cb61b846f483dc0 335260 libtiff5-dev_4.0.3-12.3+deb8u1_amd64.deb f225923488fd1c419d54fbbfeeccbdaaafe24e4e 285694 libtiff-tools_4.0.3-12.3+deb8u1_amd64.deb c9706d6a178b9d85f1e0638f128534adad05cb3a 79906 libtiff-opengl_4.0.3-12.3+deb8u1_amd64.deb Checksums-Sha256: eb8d25c4f28aafb3ddbe29d29f91876c13539da38011837ad974f65838cf5fec 2226 tiff_4.0.3-12.3+deb8u1.dsc ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872 2051630 tiff_4.0.3.orig.tar.gz a689adbd64ff8220fb095bceface04417068e69d6ec98063db3489f1c02410a6 31764 tiff_4.0.3-12.3+deb8u1.debian.tar.xz 682b3f9e7e2cd7fd982dc3c51ed92a4529e25ad3336496f11358f7f0c30c9e6d 363528 libtiff-doc_4.0.3-12.3+deb8u1_all.deb 06b4254a0a78fdf199b044975d5b750902ca8916400db7cc309deeba44dee42e 213448 libtiff5_4.0.3-12.3+deb8u1_amd64.deb 132dc95ca561cfa7f0ac7bd25e1c73ded1052414566f74128d921ad73bfaf817 74990 libtiffxx5_4.0.3-12.3+deb8u1_amd64.deb 66475418fa4790016ed42e91b9fead8214605a2b604b4cab7837cadb6ad6ada5 335260 libtiff5-dev_4.0.3-12.3+deb8u1_amd64.deb 43ca07b50381d45ecf1e2430c7960c0e0a301ad0d0567d51a7e8bc4c328b5347 285694 libtiff-tools_4.0.3-12.3+deb8u1_amd64.deb 6e2680ef375c241484fa8e4c354ebf3f8519e4bbe72533d985c76cb1d23ef084 79906 libtiff-opengl_4.0.3-12.3+deb8u1_amd64.deb Files: 336b29c642a4c3f44eca5644b95c0600 2226 libs optional tiff_4.0.3-12.3+deb8u1.dsc 051c1068e6a0627f461948c365290410 2051630 libs optional tiff_4.0.3.orig.tar.gz 8994b58cf108e18084acd4813f376963 31764 libs optional tiff_4.0.3-12.3+deb8u1.debian.tar.xz 1ee185ebe665b2fa80d2dfdf857a9b35 363528 doc optional libtiff-doc_4.0.3-12.3+deb8u1_all.deb 97b01df72c1d4b2c94db92ef79e6dddc 213448 libs optional libtiff5_4.0.3-12.3+deb8u1_amd64.deb 691332632e03c9bf4393ba3f2763227c 74990 libs optional libtiffxx5_4.0.3-12.3+deb8u1_amd64.deb 952ae037759bc976f131e78ac1f49262 335260 libdevel optional libtiff5-dev_4.0.3-12.3+deb8u1_amd64.deb 0f0121dc6100287e623ecb6836f0bbfb 285694 graphics optional libtiff-tools_4.0.3-12.3+deb8u1_amd64.deb 6afe47c3712577cc97147a1a76ac98c0 79906 graphics optional libtiff-opengl_4.0.3-12.3+deb8u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWskzoAAoJENzjEOeGTMi/BOIQAJ3KABfZjXqpDUS8tkX3JMLg Xwvf9p6EviRXLME3cCW/WBHQBfJ72mBUxergJEgzUydQXnl6rKvyCKmpegnNdFu/ j7oJ8Jnw1kCxqf/UT3gDMsUZxd6ghaYBmR/qEbrq0DmruI7GNUXzoHmT+PaNrny1 4fhQf5Fr+6V+iswVdy8Yxy1IMDYxzmai8xLYJ2AThw1mjdj92TBOJPpfFVkAHVWN 8t2nA6fcgH6D1Ubj/bfcRIWXIt38j10oSND1WBss1qyLEgj0HyxHD3kuEqcN/YSx STCJ9VYrROk4JH8wPQqDdDXEl5v+Hx0vy2SIvofR2/ShpRvKVQHyQgYb/L9UsueP RrcKiHg8k0HyyMLGCs7KSmCC1jDYt9d59laxY0iunaBT1KJqALNw0X46AtyyzZkL 7E5mPM7z9y8IDHl3oqZ6u8hYi+YLk44J3yB7el0JAVd6y1VdgGQdYzv37u/iESZG 7frYw/lkU2R91st+f5d6HDk88qwQm0dK/L1zFf813oIrOGlxdQqJshFHMYWKQJYp x30LYxsRPkLqpABGO1ep2uoYMBJqStYPsdZYDG7onca1W8nPm+YnXUPEXcJwQUYH 8uwVFJgEaosQpRkNgyeoc9tKkXsOM29olt7IPywMspWEWDD+gvXVFC7hz8kEXlZC GuyIx7lMG0gDL7czhQpo =yyTs -----END PGP SIGNATURE-----