Format: 1.8
Date: Sun, 04 Dec 2016 12:24:44 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.7-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 846837 846838
Changes:
 tiff (4.0.7-2) unstable; urgency=high
 .
   * Backport security fixes:
     - fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer
       division by zero,
     - avoid uint32 underflow in cpDecodedStrips that can cause various
       issues, such as buffer overflows in the library,
     - fix heap-based buffer overflow on generation of PixarLog / LUV
       compressed files, with ColorMap, TransferFunction attached and nasty
       plays with bitspersample,
     - fix ChopUpSingleUncompressedStrip() in reading outside of the
       StripByCounts/StripOffsets arrays when using TIFFReadScanline()
       (closes: #846837),
     - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode()
       to avoid a divide by zero, and potential other issues,
     - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the
       output buffer is correctly incremented to avoid write outside bounds,
     - add 3 extra bytes at end of strip buffer in
       readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
       buffer,
     - fix integer division by zero when BitsPerSample is missing
       (closes: #846838),
     - fix null pointer dereference in -r mode when the image has no
       StripByteCount tag,
     - avoid potential division by zero if BitsPerSamples tag is missing,
     - limit the return number of inks to SamplesPerPixel in
       TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) , so that code that parses ink
       names doesn't go past the end of the buffer,
     - avoid another potential division by zero if BitsPerSamples tag is
       missing,
     - fix uint32 underflow/overflow that can cause heap-based buffer
       overflow,
     - replace assert( (bps % 8) == 0 ) by a non assert check.
   * Remove thumbnail and rgb2ycbcr documentations, these tools no longer
     present.