-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 28 Oct 2018 12:03:02 +0100 Source: tiff Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source all amd64 Version: 4.0.3-12.3+deb8u7 Distribution: jessie-security Urgency: high Maintainer: Ondřej Surý <ondrej@debian.org> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.0.3-12.3+deb8u7) jessie-security; urgency=high . * Non-maintainer upload by the LTS Team. * CVE-2018-17100 An int32 overflow can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file * CVE-2018-17101 Out-of-bounds writes can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file * CVE-2018-18557 Out-of-bounds write due to ignoring buffer size can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file Checksums-Sha1: b1a134b22c1600f722eeac78538f11ab0dbfd207 2399 tiff_4.0.3-12.3+deb8u7.dsc 652e97b78f1444237a82cbcfe014310e776eb6f0 2051630 tiff_4.0.3.orig.tar.gz 09686048a646d264f06f839b71299e551bd033a7 67436 tiff_4.0.3-12.3+deb8u7.debian.tar.xz be00400fba2e843ad684484b1daccb368142afc2 372030 libtiff-doc_4.0.3-12.3+deb8u7_all.deb 578f9cb691658c7e02658b8d383d9f6247a04f33 222904 libtiff5_4.0.3-12.3+deb8u7_amd64.deb 6e96345f65c389ebc41c73a7eeae9f18d836e5a1 81628 libtiffxx5_4.0.3-12.3+deb8u7_amd64.deb 0a6462b77d33e0a4d2fc1f4c885491fb0baf0c94 345028 libtiff5-dev_4.0.3-12.3+deb8u7_amd64.deb 10802fcd81d747195c3050e4c0984f4b2c9b8d6a 274886 libtiff-tools_4.0.3-12.3+deb8u7_amd64.deb 56009be5fbc3ed88ffca412323bd0fc65f64ae01 86512 libtiff-opengl_4.0.3-12.3+deb8u7_amd64.deb Checksums-Sha256: f9d14ebc651fa937088eebd85a46a071bff977b9580a5fe5ce9a35f57f5b1c4c 2399 tiff_4.0.3-12.3+deb8u7.dsc ea1aebe282319537fb2d4d7805f478dd4e0e05c33d0928baba76a7c963684872 2051630 tiff_4.0.3.orig.tar.gz b3175567626a0ea5a26565120d8474f1fcb4e22fcd5a0a9cbd1734a8b32421cf 67436 tiff_4.0.3-12.3+deb8u7.debian.tar.xz 9b232d0d00aa6ad29627ba9636ef4a11f9eb3100386308caff6be317e89a7c3e 372030 libtiff-doc_4.0.3-12.3+deb8u7_all.deb fb26377b60a32c2595b6c29b54b5d528eb9037f617934b1122c2f9217a67263d 222904 libtiff5_4.0.3-12.3+deb8u7_amd64.deb 7a6a43f4f9edf8bc8bb6a60010f423beb517f8ca91e90cefc3e4b161b298b652 81628 libtiffxx5_4.0.3-12.3+deb8u7_amd64.deb 97d5925e13ffa207f368ca3bdc1a070dd99714ab3b8e950b1b39128b1dbd67f7 345028 libtiff5-dev_4.0.3-12.3+deb8u7_amd64.deb f85559911bc3935bebeebced074b0802c11b2899668ff3352273959f69ebc56f 274886 libtiff-tools_4.0.3-12.3+deb8u7_amd64.deb b41326c76744825141980d844a5c692c7eab4f31b7f41eb0f41651a979ded25c 86512 libtiff-opengl_4.0.3-12.3+deb8u7_amd64.deb Files: 9451a23c49d1dc29af53e24f1cb13984 2399 libs optional tiff_4.0.3-12.3+deb8u7.dsc 051c1068e6a0627f461948c365290410 2051630 libs optional tiff_4.0.3.orig.tar.gz ca6d40f5e3709b515df7537f21808a67 67436 libs optional tiff_4.0.3-12.3+deb8u7.debian.tar.xz be4e90eff914ad1bc08bfb7cfca9fdc1 372030 doc optional libtiff-doc_4.0.3-12.3+deb8u7_all.deb 2bf7acc97cfd63d9016da66e7e522b99 222904 libs optional libtiff5_4.0.3-12.3+deb8u7_amd64.deb 3950f28d640645be0a78ad191bb91c7c 81628 libs optional libtiffxx5_4.0.3-12.3+deb8u7_amd64.deb e99715abf1a82016106c5149123f807f 345028 libdevel optional libtiff5-dev_4.0.3-12.3+deb8u7_amd64.deb 445b069495904236e3f7ec6215c9b68d 274886 graphics optional libtiff-tools_4.0.3-12.3+deb8u7_amd64.deb c7d9aecec6eb33ed682e23c01a756743 86512 graphics optional libtiff-opengl_4.0.3-12.3+deb8u7_amd64.deb -----BEGIN PGP SIGNATURE----- iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlvVqVBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh bHRlaG9sei5kZQAKCRCW/KwNOHtYR9rMEACoD1QTvb32erv7Q9ajGu9RtglD6CS0 Hm3cDQOi9VYTT+9QanLL16rKiigcnCupzrmwwIAFGJoppe6r4qqHN3/lj4Og3Js7 vEuZGA4ts02WTyqhye44xx+2cYjtmvv4MbhneyIMVFYwjVxDLxH+ct/8tNc0K7Au h4c5Nwes7iT9ifyNDJtaWdDiQtm3kwJy2CTpEUSokFByGYBpWBMhltcd8cF6oMY9 1GNTWat4fWnKoXWXfNZKK+WSrJ0YBdsVCXf/vdOPAiORfB3TboPBhaYNYAXOfuLE Xo5Wv4Cg0CU4iP9eoFYGpUX6jHTMVxjUEhLcEJ2AYAEtdnMns2NWP3S72Hw9C4Zt deIfN9pLfxIGa20Kf873yre0AXJAHUQkKqsEIPl8X/Sg3giU4Khov63IKUQfRBJ2 ByFz8sbcrI10286CkMn+oBKKb6rXUCUXehGjYP135li58ejmmL4kZVBXVmENzjVi r5CY29Pvfq4HQuAre3sYRfZxNhAdMGlxnc2HF+Y0R/Fdukqyg2Fbe90MT0CeJTjT Tca6VosncN5aw0LtmBqO1FBZULWMnYg1Xk455jrG/BQ1kzfkVopiEamd8N7AMy3t ur9v3p9eVdFGSaXtkbuYdw8g/kaWafkWuNbiF0icOTo9e8VPZOj7sS2SkCRl2AqH CaybKZXJaItZng== =YUuF -----END PGP SIGNATURE-----