-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 02 Nov 2016 12:25:56 +0100 Source: tiff Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source all amd64 Version: 4.0.2-6+deb7u7 Distribution: wheezy-security Urgency: high Maintainer: Ondřej Surý <ondrej@debian.org> Changed-By: Raphaël Hertzog <hertzog@debian.org> Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil libtiff5-dev - Tag Image File Format library (TIFF), development files libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Closes: 842043 842046 842270 842361 Changes: tiff (4.0.2-6+deb7u7) wheezy-security; urgency=high . * Non-maintainer upload by the Debian Long Term Support Team. * 0042-Make-more-tag-fields-known-to-TIFFReadDirectoryFindF.patch: - CVE-2014-8128, CVE-2015-7554, CVE-2016-5318: memory corruption. Closes: #842043 * Drop libtiff tools that are no longer supported upstream: bmp2tiff gif2tiff ras2tiff sgi2tiff sgisv ycbcr rgb2ycbcr thumbnail Fixes CVE-2016-3619, CVE-2016-3620, CVE-2016-3621, CVE-2016-5319, CVE-2015-8668, issues in bmp2tiff. Fixes CVE-2016-3186, CVE-2016-5102, issue in gif2tiff. Fixes CVE-2016-3631, CVE-2016-3632, CVE-2016-3633, CVE-2016-3634, CVE-2016-8331, issues in thumbnail. Fixes CVE-2016-3623, CVE-2016-3624, issues in rgb2ycbcr. Closes: #842046 * Apply upstream patch for CVE-2016-6223: information leak in libtiff/tif_read.c. Closes: #842270 * Backport upstream patch for CVE-2016-5652: heap based buffer overflow in tiff2pdf. Closes: #842361 Checksums-Sha1: 70afe76b49bf21fb0c25fdfc63012e76255f4b36 1863 tiff_4.0.2-6+deb7u7.dsc 62285d77ba2179fc2c938e7ff4a98ef08b4860d6 52179 tiff_4.0.2-6+deb7u7.debian.tar.gz 75cb6d8c992e0c96b4979d4e5be249a0ca68f90e 413754 libtiff-doc_4.0.2-6+deb7u7_all.deb f0f62b1315475f4729773667c9a9c951e760fe74 236188 libtiff5_4.0.2-6+deb7u7_amd64.deb 38856938b4e956a97b4e6194a7ed952a2c40071e 75130 libtiffxx5_4.0.2-6+deb7u7_amd64.deb 9a6d571934cd7b1718974f38bf4e4e56147a915b 378672 libtiff5-dev_4.0.2-6+deb7u7_amd64.deb f707dac80c67efdf5e2db51d6df66b957ea6348d 298818 libtiff5-alt-dev_4.0.2-6+deb7u7_amd64.deb f2ef322983eb5f78cab648ac69ccbf2481af2e82 305090 libtiff-tools_4.0.2-6+deb7u7_amd64.deb ba3ad770d78a9a262673016a04b43cb81b566d16 80638 libtiff-opengl_4.0.2-6+deb7u7_amd64.deb Checksums-Sha256: 9a30bbfad329c336254583aba43887492eb78c05181f342d2ff5d7fccf51b469 1863 tiff_4.0.2-6+deb7u7.dsc 6e8ac734a087055506b845ccba5e57bce58261c36b23c1dbcf02f706fdf6d411 52179 tiff_4.0.2-6+deb7u7.debian.tar.gz b1fe34c48898d3af2b3db1165fbe7b289ccbc43c368eb623be2b23b312c8722d 413754 libtiff-doc_4.0.2-6+deb7u7_all.deb dc5dd0a65fb6bb6842c6503f556ed8bb838668d9d1d53109d69b281423bd8be9 236188 libtiff5_4.0.2-6+deb7u7_amd64.deb f09ca6e0e60b500f6ea67ccce1fe7ad1dc28bda34e2205ff977a97c654867299 75130 libtiffxx5_4.0.2-6+deb7u7_amd64.deb 9cf1f85ac493fce051dec99d62e94c40fad6051faa92e1582587fa22568b2cd8 378672 libtiff5-dev_4.0.2-6+deb7u7_amd64.deb c23236f196672754f46719f1212b958f22e33e1fd0e25e627627da73ed330cff 298818 libtiff5-alt-dev_4.0.2-6+deb7u7_amd64.deb ae537b30c8bd9559bc1b17ff89fea1a572f993e93d840caef876eb7f414030f3 305090 libtiff-tools_4.0.2-6+deb7u7_amd64.deb adcd94f6a79bd84cc8f5e395a003c443380ef44607af9f217a5b32d7a220d738 80638 libtiff-opengl_4.0.2-6+deb7u7_amd64.deb Files: 61e5cebbf2ed6ad3b91ff1c251b6fe95 1863 libs optional tiff_4.0.2-6+deb7u7.dsc 1d843f8d869bee748dcde2feb0a8a20f 52179 libs optional tiff_4.0.2-6+deb7u7.debian.tar.gz 5f4a2e47c872616b240f3d30a8d74ac3 413754 doc optional libtiff-doc_4.0.2-6+deb7u7_all.deb eba7cb4186065202de9fab154e2e06ba 236188 libs optional libtiff5_4.0.2-6+deb7u7_amd64.deb b95724c13c0e49ad7d0fa8c21b39120d 75130 libs optional libtiffxx5_4.0.2-6+deb7u7_amd64.deb 9fd4807229f8ec1df36ac47a5c4f0351 378672 libdevel optional libtiff5-dev_4.0.2-6+deb7u7_amd64.deb 78765ae7c879fead71321ead76702e40 298818 libdevel optional libtiff5-alt-dev_4.0.2-6+deb7u7_amd64.deb 8b12f0e1d40de23bdc1bd48ae5377b45 305090 graphics optional libtiff-tools_4.0.2-6+deb7u7_amd64.deb 1d0994b777904ea20be8584640a2cf01 80638 graphics optional libtiff-opengl_4.0.2-6+deb7u7_amd64.deb -----BEGIN PGP SIGNATURE----- Comment: Signed by Raphael Hertzog iQEcBAEBCgAGBQJYGc/lAAoJEAOIHavrwpq50GQH/3l0Y120LhF4l7iAyOsxhwRF WqSXCM+FZTmjiXGGCXLxa1f1C/m8orCjevBEli0wP62Bjo6k1cn5eIXX4dns6nHH V19+UBa5IIZzLwheVgRGhJnFtg7O9OIyxhezRuE9Y3kkvAwQ7V+b5gCLe/+iPlJB esXu5E0fzxQQRy6MJpspap2rxZqh/3yDukoIXpNaZlAWE2PzBDQdbgYQ2oypw+G8 Z/34hPRb2PZ9NnInYQbStr9Qpsjpfg9OsT8v+uDgnCjRGilpfBBfMCRJFUsUmxLB TlQ5zp3Z8KIHjp5Z4F0bxAsMn/GuM2wA5Vgzov0+/3BGSaD1p3hskBpY1Ea/pjc= =tN+T -----END PGP SIGNATURE-----