Format: 1.8
Date: Mon, 24 Apr 2017 09:53:51 +0200
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.2-6+deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.2-6+deb7u12) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
   * CVE-2017-7592:
     The putagreytile function in tif_getimage.c has a left-shift undefined
     behavior issue, which might allow remote attackers to cause a denial of
     service (application crash) or possibly have unspecified other impact
     via a crafted image.
   * CVE-2017-7593:
     tif_read.c in LibTIFF does not ensure that tif_rawdata is properly
     initialized, which might allow remote attackers to obtain sensitive
     information from process memory via a crafted image.
   * CVE-2017-7594:
     The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in
     LibTIFF allows remote attackers to cause a denial of service (memory
     leak) via a crafted image.
   * CVE-2017-7595:
     The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF allows remote
     attackers to cause a denial of service (divide-by-zero error and
     application crash) via a crafted image.
   * CVE-2017-7596, CVE-2017-7597, CVE-2017-7599, CVE-2017-7600:
     LibTIFF has an "outside the range of representable values of type
     float" undefined behavior issue, which might allow remote attackers to
     cause a denial of service (application crash) or possibly have
     unspecified other impact via a crafted image.
   * CVE-2017-7598:
     tif_dirread.c in LibTIFF might allow remote attackers to cause a denial
     of service (divide-by-zero error and application crash) via a crafted
     image.
   * CVE-2017-7601:
     LibTIFF has a "shift exponent too large for 64-bit type long" undefined
     behavior issue, which might allow remote attackers to cause a denial of
     service (application crash) or possibly have unspecified other impact
     via a crafted image.
   * CVE-2017-7602:
     LibTIFF has a signed integer overflow, which might allow remote
     attackers to cause a denial of service (application crash) or possibly
     have unspecified other impact via a crafted image.