Accepted tiff 4.0.2-6+deb7u12 (source all amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 24 Apr 2017 09:53:51 +0200
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.2-6+deb7u12
Distribution: wheezy-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.2-6+deb7u12) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
     * CVE-2017-7592:
       The putagreytile function in tif_getimage.c has a left-shift undefined
       behavior issue, which might allow remote attackers to cause a denial of
       service (application crash) or possibly have unspecified other impact via a
       crafted image.
     * CVE-2017-7593:
       tif_read.c in LibTIFF does not ensure that tif_rawdata is properly
       initialized, which might allow remote attackers to obtain sensitive
       information from process memory via a crafted image.
     * CVE-2017-7594:
       The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF
       allows remote attackers to cause a denial of service (memory leak) via a
       crafted image.
     * CVE-2017-7595:
       The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF allows remote
       attackers to cause a denial of service (divide-by-zero error and
       application crash) via a crafted image.
     * CVE-2017-7596, CVE-2017-7597, CVE-2017-7599, CVE-2017-7600:
       LibTIFF has an "outside the range of representable values of type float"
       undefined behavior issue, which might allow remote attackers to cause a
       denial of service (application crash) or possibly have unspecified other
       impact via a crafted image.
     * CVE-2017-7598:
       tif_dirread.c in LibTIFF might allow remote attackers to cause a denial of
       service (divide-by-zero error and application crash) via a crafted image.
     * CVE-2017-7601:
       LibTIFF has a "shift exponent too large for 64-bit type long" undefined
       behavior issue, which might allow remote attackers to cause a denial of
       service (application crash) or possibly have unspecified other impact via a
       crafted image.
     * CVE-2017-7602:
       LibTIFF has a signed integer overflow, which might allow remote attackers
       to cause a denial of service (application crash) or possibly have
       unspecified other impact via a crafted image.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----