-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 21 Apr 2017 20:22:02 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 783555 818360
Changes:
 tiff (4.0.3-12.3+deb8u3) jessie-security; urgency=high
 .
   * Backport fix for the following vulnerabilities:
     - CVE-2014-8127 and CVE-2016-3658: out-of-bounds read in the tiffset tool,
     - CVE-2016-9535: replace assertions by runtime checks to avoid assertions
       in debug mode, or buffer overflows in release mode,
     - CVE-2016-10266: divide-by-zero in TIFFReadEncodedStrip,
     - CVE-2016-10267: divide-by-zero in OJPEGDecodeRaw,
     - CVE-2016-10269: heap-based buffer overflow in _TIFFmemcpy,
     - CVE-2016-10270: heap-based buffer overflow in TIFFFillStrip,
     - CVE-2017-5225: heap buffer overflow via a crafted BitsPerSample value,
     - CVE-2017-7592: left-shift undefined behavior issue in putagreytile,
     - CVE-2017-7593: uninitialized-memory access from tif_rawdata,
     - CVE-2017-7594: leak in OJPEGReadHeaderInfoSecTablesAcTable,
     - CVE-2017-7595: divide-by-zero in JPEGSetupEncode,
     - CVE-2017-7596, CVE-2017-7597, CVE-2017-7598, CVE-2017-7599,
       CVE-2017-7600, CVE-2017-7601 and CVE-2017-7602: multiple UBSAN crashes.
   * Add required _TIFFcalloc@LIBTIFF_4.0 symbol to the libtiff5 package.
 .
   [ Tobias Lippert <lippertto_oss@fastmail.com> ]
   * Fix a regression introduced by patch CVE-2014-8128-5 where enabling
     compression of tif files results in corrupt files
     (closes: #783555, #818360).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----