Accepted tiff 4.0.3-12.3+deb8u2 (source all amd64) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 21 Nov 2016 21:32:06 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 819972 820362 820363 820364 820365 820366 830700 836570 842046 842270 842361 844013 844057 844226
Changes:
 tiff (4.0.3-12.3+deb8u2) jessie-security; urgency=high
 .
   * Backport fix for the following vulnerabilities:
     - CVE-2016-5314, CVE-2016-5315, CVE-2016-5316, CVE-2016-5317: several
       out-of-bounds writes in the rgb2ycbcr tool (closes: #830700),
     - CVE-2016-5320, rgb2ycbcr: command execution,
     - CVE-2016-5875, heap-based buffer overflow when using the PixarLog
       compression format,
     - CVE-2016-6223, information leak in libtiff/tif_read.c (closes: #842270),
     - CVE-2016-5321: DumpModeDecode() DoS,
     - CVE-2016-5323: _TIFFFax3fillruns() NULL pointer dereference,
     - CVE-2016-3945: out-of-bounds write in the tiff2rgba tool,
     - CVE-2016-3990: out-of-bounds write in horizontalDifference8() in tiffcp
       tool (closes: #836570),
     - CVE-2016-3991: heap-based buffer overflow in the loadImage function in
       the tiffcrop tool,
     - CVE-2016-5322: extractContigSamplesBytes: out-of-bounds read in the
       tiffcrop tool,
     - CVE-2016-3623: rgb2ycbcr tool DoS by setting the (1) '-v' or (2) '-h'
       parameter to 0,
     - CVE-2016-9533: PixarLog horizontalDifference heap-buffer-overflow,
     - CVE-2016-9534: TIFFFlushData1 heap-buffer-overflow,
     - CVE-2016-9535: Predictor heap-buffer-overflow,
     - CVE-2016-9536: t2p_process_jpeg_strip heap-buffer-overflow,
     - CVE-2016-9537: out-of-bounds write vulnerabilities in buffers of
       tiffcrop,
     - CVE-2016-9538: read of undefined buffer in readContigStripsIntoBuffer()
       due to uint16 overflow,
     - CVE-2016-9540: out-of-bounds write on tiled images,
     - CVE-2016-3624: rgb2ycbcr tool DoS by setting the '-v' option to -1,
     - CVE-2016-3622: divide-by-zero error in the tiff2rgba tool
       (closes: #820365),
     - CVE-2016-5652: fix write buffer overflow of 2 bytes on JPEG compressed
       images (closes: #842361),
     - CVE-2016-9453: out-of-bounds write memcpy in tiff2pdf tool,
     - CVE-2016-9273: read outside of array in tiffsplit tool
       (closes: #844013),
     - CVE-2016-9532: heap buffer overflow via writeBufferToSeparateStrips in
       the tiffcrop tool (closes: #844057),
     - CVE-2016-9297: potential read outside buffer in _TIFFPrintField()
       (closes: #844226),
     - CVE-2016-9448: invalid read of size 1 in TIFFFetchNormalTag, regression
       of CVE-2016-9297,
     - CVE-2016-10092: heap-buffer-overflow in tiffcrop,
     - CVE-2016-10093: uint32 underflow/overflow that can cause heap-based
       buffer overflow in tiffcp,
     - CVE-2016-10094: off-by-one error in tiff2pdf.
   * Fix CVE-2015-8668 (closes: #842046), CVE-2016-3619 (closes: #820362),
     CVE-2016-3620 (closes: #820363), CVE-2016-3621 (closes: #820364) and
     CVE-2016-5319 by removing bmp2tiff.
   * Fix CVE-2016-3186 (closes: #819972) and CVE-2016-5102 by removing
     gif2tiff.
   * Fix CVE-2016-3631 (closes: #820366), CVE-2016-3632, CVE-2016-3633,
     CVE-2016-3634 and CVE-2016-8331 by removing thumbnail.
   * Remove no longer supported ras2tiff tool.
Checksums-Sha1:
Checksums-Sha256:
Files:

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----