-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 02 Jul 2017 08:35:22 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u4
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 850316 863185 866113 866611
Changes:
 tiff (4.0.3-12.3+deb8u4) jessie-security; urgency=high
 .
   * Backport fix for the following vulnerabilities:
     - CVE-2017-9403: fix memory leak in non DEFER_STRILE_LOAD mode,
     - CVE-2017-9404: memory leak vulnerability was found in the function
       OJPEGReadHeaderInfoSecTablesQTable(),
     - CVE-2016-10095 and CVE-2017-9147: add _TIFFCheckFieldIsValidForCodec()
       and use it in TIFFReadDirectory() (closes: #850316, #863185),
     - CVE-2017-9936: memory leak in error code path of JBIGDecode()
       (closes: #866113),
     - prevent out of memory in gtTileContig() on corrupted files,
     - CVE-2017-10688, assertion failure in
       TIFFWriteDirectoryTagCheckedXXXX() (closes: #866611).
   * Add required _TIFFCheckFieldIsValidForCodec@LIBTIFF_4.0 and
     _TIFFReadEncodedStripAndAllocBuffer@LIBTIFF_4.0 symbols to the libtiff5
     package.