Format: 1.8
Date: Mon, 24 Apr 2017 12:26:42 +0200
Source: tiff3
Binary: libtiff4 libtiffxx0c2 libtiff4-dev
Architecture: source amd64
Version: 3.9.6-11+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtiff4 - Tag Image File Format (TIFF) library (old version)
 libtiff4-dev - Tag Image File Format (TIFF) library (old version), development f
 libtiffxx0c2 - Tag Image File Format (TIFF) library (old version) -- C++ interfa
Changes:
 tiff3 (3.9.6-11+deb7u5) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
     * CVE-2017-7593: tif_read.c in LibTIFF does not ensure that tif_rawdata
       is properly initialized, which might allow remote attackers to obtain
       sensitive information from process memory via a crafted image.
     * CVE-2017-7594: The OJPEGReadHeaderInfoSecTablesDcTable function in
       tif_ojpeg.c in LibTIFF allows remote attackers to cause a denial of
       service (memory leak) via a crafted image.
     * CVE-2017-7595: The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF
       allows remote attackers to cause a denial of service (divide-by-zero
       error and application crash) via a crafted image.
     * CVE-2017-7596, CVE-2017-7597, CVE-2017-7599, CVE-2017-7600: LibTIFF has
       an "outside the range of representable values of type float" undefined
       behavior issue, which might allow remote attackers to cause a denial of
       service (application crash) or possibly have unspecified other impact
       via a crafted image.
     * CVE-2017-7601: LibTIFF has a "shift exponent too large for 64-bit type
       long" undefined behavior issue, which might allow remote attackers to
       cause a denial of service (application crash) or possibly have
       unspecified other impact via a crafted image.