-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 19 Nov 2016 18:05:24 +0000 Source: tiff Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source all amd64 Version: 4.0.7-1 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Closes: 800124 820365 844013 844226 Changes: tiff (4.0.7-1) unstable; urgency=high . * New upstream release. * Fixes the following vulnerabilities: - CVE-2015-7313, OOM when parsing crafted tiff files (closes: #800124), - CVE-2016-3622, denial of service (divide-by-zero error) via the fpAcc function in tif_predict.c (closes: #820365), - CVE-2016-3945, multiple integer overflows in the tiff2rgba tool, - CVE-2016-3990, write buffer overflow in PixarLogEncode, - CVE-2016-3991 and CVE-2016-5322, heap-based buffer overflow in the loadImage function, - CVE-2016-9273, heap-buffer-overflow in cpStrips (closes: #844013), - CVE-2016-9297, segfault in _TIFFPrintField() (closes: #844226), - CVE-2016-9448, in TIFFFetchNormalTag(), do not dereference NULL pointer (regression of CVE-2016-9297), - heap buffer overflow via writeBufferToSeparateStrips() in tiffcrop. * Remove backported vulnerability fixes, this release contains those. * Update libtiff5 symbols. Checksums-Sha1: 131d573ae0277cea17434c21db280e8c5e33aca4 2125 tiff_4.0.7-1.dsc 2c1b64478e88f93522a42dd5271214a0e5eae648 2076392 tiff_4.0.7.orig.tar.gz 6d7d690b8f543c319f2d3b5cc98dd06506fdc2ac 15144 tiff_4.0.7-1.debian.tar.xz 917dfbdd62cab09291a670c92c33b6b25d46ae87 387232 libtiff-doc_4.0.7-1_all.deb 8b70c390e913b263f12f1f50a71c27f9be0fc2fe 14178 libtiff-opengl-dbgsym_4.0.7-1_amd64.deb 9db569d883859f115cd129ee178f2eeda94c808b 94074 libtiff-opengl_4.0.7-1_amd64.deb 77910b9deb6272bfe0a110a6ce08283882ba92fc 351152 libtiff-tools-dbgsym_4.0.7-1_amd64.deb 5a80e9be5aaea8866f9b858d739cd1881cb4e866 277304 libtiff-tools_4.0.7-1_amd64.deb 70272614882dc1aadb57c752c11c6f0b0e567e3a 365614 libtiff5-dbgsym_4.0.7-1_amd64.deb 87df8f00e6f5ef2691313c54c7cc2ee8efc4770e 350242 libtiff5-dev_4.0.7-1_amd64.deb 99a6188e5adf67ad1a2dde1bb5a5804594bd7e81 228122 libtiff5_4.0.7-1_amd64.deb e61728cef5ddaa1f5163051cab329d1b7a5c3323 21030 libtiffxx5-dbgsym_4.0.7-1_amd64.deb 20edd62656132b0b5d547a795a85df11c83083f1 89376 libtiffxx5_4.0.7-1_amd64.deb 3ef82cae9c80be3019e7dfab0b7daca21d1bb563 10066 tiff_4.0.7-1_amd64.buildinfo Checksums-Sha256: 7b066eec518b8d8f4f5bcd06dd3dda672194bb37b7f8ad9c46630b8031fa41d5 2125 tiff_4.0.7-1.dsc 9f43a2cfb9589e5cecaa66e16bf87f814c945f22df7ba600d63aac4632c4f019 2076392 tiff_4.0.7.orig.tar.gz add4fbb212a89f967f38285f0adb5b976a60a52e2efff3004de83610e51339dc 15144 tiff_4.0.7-1.debian.tar.xz c706a429913008113f36a8b3fb7990ad91efca71c8f8d417ce23a4737356239e 387232 libtiff-doc_4.0.7-1_all.deb 1baffb10565a25d66fed74e115d33130e37dae4ff2e48fc7b55462d6e4752d79 14178 libtiff-opengl-dbgsym_4.0.7-1_amd64.deb b12146e7d9ddbf9ac504407a939b008d637d0b49d7a9bc500f0bc3e3b8aceafe 94074 libtiff-opengl_4.0.7-1_amd64.deb 7a7c7b192cadde81e8618f0f8c2db5f365847ecdad71484df0203b380dabab71 351152 libtiff-tools-dbgsym_4.0.7-1_amd64.deb 7a78b53b431b70ae4c6dc1334d53fb321cadc4a60bef6846a7214a5ee653f925 277304 libtiff-tools_4.0.7-1_amd64.deb c85aecd53cd820f24e6d3e896967b34cb525f0d3174d58a4e48ea54f71bb82d3 365614 libtiff5-dbgsym_4.0.7-1_amd64.deb e8d831eb4004e1072c2cd5e7b368afc30b7b5113a9c0230c508e886bcf6f0906 350242 libtiff5-dev_4.0.7-1_amd64.deb fb9fd61ea5645ff60ecf0e5b7276c0b15221b82c8ac79850b10c5038f7f0a9ed 228122 libtiff5_4.0.7-1_amd64.deb e241f4a59cdefdf6b058ea9014680e6691966bc7950187902409b3cf614263d1 21030 libtiffxx5-dbgsym_4.0.7-1_amd64.deb d5bf0fde9dbded7aba10dd68cf5add8b13d16f68a790985b1957d86a81675738 89376 libtiffxx5_4.0.7-1_amd64.deb da0ad7e2b622787e052090e9369cdda342d92a9e79276f9d42038c5d0294e8c4 10066 tiff_4.0.7-1_amd64.buildinfo Files: 58b3062e1403b1267f5b296b30b985db 2125 libs optional tiff_4.0.7-1.dsc 77ae928d2c6b7fb46a21c3a29325157b 2076392 libs optional tiff_4.0.7.orig.tar.gz 45e0d4909b965334be2253953da3a222 15144 libs optional tiff_4.0.7-1.debian.tar.xz f553d6a3a5a123fcb830aaa5ba69d4a1 387232 doc optional libtiff-doc_4.0.7-1_all.deb 0638c39c60e98a153b0b8d48da8063b2 14178 debug extra libtiff-opengl-dbgsym_4.0.7-1_amd64.deb ff4bf4273ed313a5962dfbaef66c8b3b 94074 graphics optional libtiff-opengl_4.0.7-1_amd64.deb b5d8121d9a19bb338dc7826843e3bb02 351152 debug extra libtiff-tools-dbgsym_4.0.7-1_amd64.deb 39cd8185ae21e14c9066e2f920d84ea2 277304 graphics optional libtiff-tools_4.0.7-1_amd64.deb 0e0153ebade05b64a11fdafecc8f4418 365614 debug extra libtiff5-dbgsym_4.0.7-1_amd64.deb bf01669377a80b44b4e226f65e1d282a 350242 libdevel optional libtiff5-dev_4.0.7-1_amd64.deb b238b8fa668171aaba8d3188fcd78f89 228122 libs optional libtiff5_4.0.7-1_amd64.deb bd909227c047c5c3916a03ec525a8466 21030 debug extra libtiffxx5-dbgsym_4.0.7-1_amd64.deb 79bf58db2473f035140fcc89855be73e 89376 libs optional libtiffxx5_4.0.7-1_amd64.deb 7e9cf923f8ae8e36f45be27621ece79d 10066 libs optional tiff_4.0.7-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIcBAEBCAAGBQJYMacNAAoJENzjEOeGTMi/LAwP/RsjPN/hdJuF93mPtqJA4Mcr NgoerE4imaStmFkniAWVTo7tYS4jnuPDMEGhvvTDJ8iUbxbASFdZrb/ITz1LPEV+ 4yZw0vqNY8dhDkjsinn+4gCDRye+xHb3dMl2WhfdM6DPWWHyAthquhKkVkCw8kvl h9ymzFvgBKgd+ESrTax3EEeJDZOyiu6yr9v6dn3pvb8/Z3v1SPv5F6fD8facp0XR O9h/X765RdMHGye9ox9bJX/LkHm3W5bigX0eK3yY4JKAmw30KDOvBvtsFb1hQSMi zhSdXBc0xFCx2reO8nMdydeo9AteT8psAEQNB7w7xgzymsS9aktBgasH9d71LRwZ xRjGxMk3IeNEr5t8HQX8zgqIa7jcmPgYGrPuazyUSL7M3kaSrEBwj/FCkegbDNMf f4Azb3vyLFYRXd7j0oNJ5WcmmEhosZwgwS76TbKBoB47QtQR1cxTJ/KrtkIB09Z6 /MUBkKVJudbiwM2QFD8gzsftJ077cPHWSIrEgQwX2I34zZvgLa4GhZ2ke24Ozjw5 oXpTE3uhTl8Wz/ZUp4kQfq1T/4nW2vW5kfHpfLFDV1bIlwaz/BiTILH4W1aK0nr3 rWYgvG77Asb84YHeLwmel2cGhZsty5jFpmV1b4z6/8VLGu0SkE+6pJVCj3Y6TYwZ TFQLdnHVHKjuhBRBrATc =lE+v -----END PGP SIGNATURE-----
