Back to tiff PTS page

Accepted tiff 4.0.7-2 (source all amd64) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted tiff 4.0.7-2 (source all amd64) into unstable
From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Date: Wed, 07 Dec 2016 16:49:56 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1cEfPo-00015g-2w@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 04 Dec 2016 12:24:44 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.7-2
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 846837 846838
Changes:
 tiff (4.0.7-2) unstable; urgency=high
 .
   * Backport security fixes:
     - fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer
       division by zero,
     - avoid uint32 underflow in cpDecodedStrips that can cause various
       issues, such as buffer overflows in the library,
     - fix heap-based buffer overflow on generation of PixarLog / LUV
       compressed files, with ColorMap, TransferFunction attached and nasty
       plays with bitspersample,
     - fix ChopUpSingleUncompressedStrip() in reading outside of the
       StripByCounts/StripOffsets arrays when using TIFFReadScanline()
       (closes: #846837),
     - make OJPEGDecode() early exit in case of failure in OJPEGPreDecode() to
       avoid a divide by zero, and potential other issues,
     - fix readContigStripsIntoBuffer() in -i (ignore) mode so that the
       output buffer is correctly incremented to avoid write outside bounds,
     - add 3 extra bytes at end of strip buffer in
       readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
       buffer,
     - fix integer division by zero when BitsPerSample is missing
       (closes: #846838),
     - fix null pointer dereference in -r mode when the image has no
       StripByteCount tag,
     - avoid potential division by zero if BitsPerSamples tag is missing,
     - limit the return number of inks to SamplesPerPixel in
       TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) , so that code that parses ink
       names doesn't go past the end of the buffer,
     - avoid another potential division by zero if BitsPerSamples tag is
       missing,
     - fix uint32 underflow/overflow that can cause heap-based buffer overflow,
     - replace assert( (bps % 8) == 0 ) by a non assert check.
   * Remove thumbnail and rgb2ycbcr documentations, these tools no longer
     present.
Checksums-Sha1:
 48a52b27dffb639cdc00ed341a7b42a7a9bebdff 2157 tiff_4.0.7-2.dsc
 8bbf361bc019c94010c042adbb7ca1e6d9286289 23124 tiff_4.0.7-2.debian.tar.xz
 da0f4a602201d406340a2199b1d4c020ff16e0a3 387840 libtiff-doc_4.0.7-2_all.deb
 74a11cea49462af4c833c34715de330f2b27a281 14158 libtiff-opengl-dbgsym_4.0.7-2_amd64.deb
 c11eb4f61f80fe39fac4bdaaf7c9edbd1af09f51 95566 libtiff-opengl_4.0.7-2_amd64.deb
 422accb6d1662cfeff3b25805d47d391ee8e7b7c 350840 libtiff-tools-dbgsym_4.0.7-2_amd64.deb
 d5a9ee3cb85533eddb43802a6139277a3c4c9d5b 275862 libtiff-tools_4.0.7-2_amd64.deb
 9e2bdf09281a1b7e9bc6a3b2ba9c16ffc7677f66 365976 libtiff5-dbgsym_4.0.7-2_amd64.deb
 a3af72e56fb83c5cdc1c8751f4e71c6048358d2a 352096 libtiff5-dev_4.0.7-2_amd64.deb
 87c8ea7848b81e325d9131efa0b5b8e772e7b6cf 229734 libtiff5_4.0.7-2_amd64.deb
 87a7475184993fc7d32b4beecf6a6a6e19f9c0ef 21036 libtiffxx5-dbgsym_4.0.7-2_amd64.deb
 d8268885a02ea6ac4d02a39ea6a7368eb5e6137c 90880 libtiffxx5_4.0.7-2_amd64.deb
 bc251a142914feb33c305c3e13dd9b8bd5d49bda 10083 tiff_4.0.7-2_amd64.buildinfo
Checksums-Sha256:
 45c96169b9d438e37fe6f64ef77e342620330850ab741880dca4af9f69a451cc 2157 tiff_4.0.7-2.dsc
 496252f073d2382ae47167b3830338353b88115fce87ff07c1bff05040cdb500 23124 tiff_4.0.7-2.debian.tar.xz
 bb6599e2fe13367004995b5a6387e16896007b60d846890c3552ac412cfcf45f 387840 libtiff-doc_4.0.7-2_all.deb
 d604a1032575ac424625c52a30625f132f35cb3d4183fc2a4ce7a6164ffda5ff 14158 libtiff-opengl-dbgsym_4.0.7-2_amd64.deb
 16bd6bd3884b29c156f841132e163ededa0c92477aff9fb8aed4010020a77baf 95566 libtiff-opengl_4.0.7-2_amd64.deb
 52458ea875e80387b2590e6120ce2ddcc2a54a872fbce01721fb3e7edc52e790 350840 libtiff-tools-dbgsym_4.0.7-2_amd64.deb
 353e1c142898b0921d1c02b33d5f0d1f9846f9bc6015d34da03ce491d8732455 275862 libtiff-tools_4.0.7-2_amd64.deb
 321691466a975988eeaedc71450a58cc4a9ed8602205f15d32146822d59cbafc 365976 libtiff5-dbgsym_4.0.7-2_amd64.deb
 0e9a2690d1a81d45418b715d5f3c77a7a20215227e64edecbd172366ac5e0dfc 352096 libtiff5-dev_4.0.7-2_amd64.deb
 3ea0525dcbc394d00e3843c870a7ba4b7d71bbaad36ea6222a3721e6c9f39318 229734 libtiff5_4.0.7-2_amd64.deb
 f4610ac7108f9fb759772c698c4c73e0e97dee0711f3aad73147374baf1fbb35 21036 libtiffxx5-dbgsym_4.0.7-2_amd64.deb
 0d2e4a3a5027d0906d9fe1db1f7112fdbdf7bfe9c76dc2b54520d5320ccfd6b9 90880 libtiffxx5_4.0.7-2_amd64.deb
 228e339f498a2130e48eeb277c3a9080b676e508b4580cbb6b225ae862bad33e 10083 tiff_4.0.7-2_amd64.buildinfo
Files:
 8dd7b62d683875235152ebd5474fe1a0 2157 libs optional tiff_4.0.7-2.dsc
 1d0287fad4becf7356f4b0571b11671f 23124 libs optional tiff_4.0.7-2.debian.tar.xz
 7c4d34c93487f4234585d3fb1e17c58d 387840 doc optional libtiff-doc_4.0.7-2_all.deb
 572f79e4d7636b1a8988ad7dfc59cefc 14158 debug extra libtiff-opengl-dbgsym_4.0.7-2_amd64.deb
 73ed530fe8985ea368d54296ede8af28 95566 graphics optional libtiff-opengl_4.0.7-2_amd64.deb
 16a9f62b7cfad7ddf59bd750dd667cbd 350840 debug extra libtiff-tools-dbgsym_4.0.7-2_amd64.deb
 daa49cbe81d060da50264f5b1fe67d2b 275862 graphics optional libtiff-tools_4.0.7-2_amd64.deb
 3bfd5646dcf48c96c41fa580ed17cc38 365976 debug extra libtiff5-dbgsym_4.0.7-2_amd64.deb
 89dc8984b3b09db0c69808c2b0ea6dc7 352096 libdevel optional libtiff5-dev_4.0.7-2_amd64.deb
 aa798ccec3b1fe6f7d80772090de08b6 229734 libs optional libtiff5_4.0.7-2_amd64.deb
 a12e84476d46ce639123b61c38c537ab 21036 debug extra libtiffxx5-dbgsym_4.0.7-2_amd64.deb
 8bc509217559495288d9a41eb1f1f67d 90880 libs optional libtiffxx5_4.0.7-2_amd64.deb
 fd513485f58ac736b759384716b21483 10083 libs optional tiff_4.0.7-2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlhIOs4ACgkQ3OMQ54ZM
yL9ZTRAAtgHJ8/l/2mW9rYtjsYzQzUNV02l3aZxPjhN7+6opSwuxAqUdZVHusrDL
mttaoQnU5DtgOIE0TXOKJAwdZhKvORM4Fyzj44dh+VCyEuqeqDXODLtzYjtfGL+O
7JGsUtGYFY4041LE114ka5bXgmKaZKspt/Zzfg0JM19zDhoSwSazUV1ZDFOjDpmN
zg4CyEuYkxmZHAzSOLb030qeLV7pgLr/viUC4AIYal9gToxYfWoFdaCKOnOHeZYz
zsPVnaibov95hwxOzgbLoNAiboF4H2oowFs1iJB4h/iARtrA1/ZfSAHh24pMUU87
nltAcE0OJLmTMiQEWuM5qdiTVqEC+R61sWkYaFAXUxGWx21LMBXSDY5GwUCosBYY
o6EmuXz6nBswAgiJ67+9h3U+hFUStLq3RHm16XAOcN+rdOmuLxueKjZrHhD7z3Yq
N/HhaxUXCDdqTX4NJRifrd2Oka4YLPWG90OSqfUOV/WXth7nAHOpZU6YCZsUfMub
DVxahlj4tLQDYK+ACqsPJt0Y65z6w59raVQoBzWbhOH0HK4+ve28kpOeVw4LE/Ys
W9k2jYy2YoOUw5X/BzEYiLbc+MVmkLB6sawPRpAe/hcbRjUzmi/2ng6qCpmYKOqD
Zgl41wm906TUfxtsO6bWybM6pamOemg5GrKuOdGv/dqyMV29Lic=
=PwDx
-----END PGP SIGNATURE-----