Accepted tiff 4.0.10+git190814-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 14 Aug 2019 19:24:22 +0000
Source: tiff
Architecture: source
Version: 4.0.10+git190814-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 934780
Changes:
tiff (4.0.10+git190814-1) unstable; urgency=high
.
* Git snapshot, fixing the following security issues:
- TryChopUpUncompressedBigTiff(): avoid potential division by zero,
- fix vulnerability introduced by defer strile loading,
- fix vulnerability in 'D' (DeferStrileLoad) mode,
- return infinite distance when denominator is zero,
- OJPEG: avoid use of uninitialized memory on corrupted files,
- OJPEG: fix integer division by zero on corrupted subsampling factors,
- OJPEGReadBufferFill(): avoid very long processing time on corrupted
files,
- TIFFClientOpen(): fix memory leak if one of the required callbacks is
not provided,
- CVE-2019-14973, fix integer overflow in _TIFFCheckMalloc() and other
implementation-defined behaviour (closes: #934780).
* Update libtiff5 symbols.
* Update Standards-Version to 4.4.0 .
Checksums-Sha1:
56a0327f17d4b136f77a4ca08ca5a00b8cc87aa0 2243 tiff_4.0.10+git190814-1.dsc
30860672b3dade20fb8074304352378c424ab1a9 1477060 tiff_4.0.10+git190814.orig.tar.xz
7c2bf1c25d83ce9714cad0869daa29a5296b0488 18432 tiff_4.0.10+git190814-1.debian.tar.xz
Checksums-Sha256:
c7788186e23618f4f67b9fd4fc89d495f340b134018a29511d6156ec49981fc3 2243 tiff_4.0.10+git190814-1.dsc
6e584b54bbbf6bf7e7601f6e4a66c735e16d925be6cb115aa0bf7c8e5a657be7 1477060 tiff_4.0.10+git190814.orig.tar.xz
fea62ed59e3de3382c602f475f5c127921a9a77db2b4a587c8f348ce7c1424ba 18432 tiff_4.0.10+git190814-1.debian.tar.xz
Files:
2d30e9ecb75726a6da3140d4ca940cb8 2243 libs optional tiff_4.0.10+git190814-1.dsc
e3c903b2ae6bd7a69decc578f2d83a33 1477060 libs optional tiff_4.0.10+git190814.orig.tar.xz
aa0640ca3faee35c2bb975e088b8b527 18432 libs optional tiff_4.0.10+git190814-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl1UZvsACgkQ3OMQ54ZM
yL80cxAAry4XPSkk8zkf3xhYMe7D0YQ56kQ40cbBR8QyPSO49LbwgPqJOEwyf/NI
dvFAhf5/xvQrwW84mOqDfp/jGI72kmVttHFb4NdiTsxFHUiNtqGS5dMRDrO4WRhp
Op+UjoHG4iLuvIQN1nvQpiZoru7u7zlOkCxyQzrKjXNY9/JwK7ifToc37hcGWB24
YTdYKlSegTQOcvUIs5jia7hPJLdPXIe3/ImPbi2KeXvZmDh87y6t0iMNYk8r8zdn
Aj0zRyGRWzYMK/1nLi3C1Pg10gn40bjQ3DAxey+ypMjidmBMHKguwyGUuO8XcXrd
hH18NgMlU8v/Zi4yVjSnjRJTAkl3V7dtuIWPvHusVfZ91rr4TzFQaorKXfy5oTNZ
Vp9ksesojROB72e0PiRnkM09pe0R9bU7slooVXNXCxEtrRGwC725JIaz+6x4MdZF
hiqHIbaGmNYNRx8LHQsLz4KPgzn6TtfOZukK+yZAKGuXir0nSznqEgNSQgeOTp+x
PQu9AC7SknputPJURqzr/UhW00XAOfQjVSClu6VX+me0wUOTCkrgr1jCDGuHGnL6
cLOEnr4wpqKSzx2iYVqOdK5gWa/cCH+VhztGCxe44e4MQO1A4Z/IQWy4tZ3o1gco
Vxhxuy/zKmgZZnjSFUT3Sequ06eMx579MLepV7rnqYTpIPgXb/Q=
=Mk7Z
-----END PGP SIGNATURE-----