Accepted tiff 4.1.0+git191117-2~deb10u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Jan 2020 17:28:54 +0000
Source: tiff
Architecture: source
Version: 4.1.0+git191117-2~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 934780 945402
Changes:
 tiff (4.1.0+git191117-2~deb10u1) buster-security; urgency=high
 .
   * Security backport for Buster.
   * Relax Standards-Version to 4.3.0 .
 .
 tiff (4.1.0+git191117-2) unstable; urgency=medium
 .
   * Backport upstream fix for rowsperstrip parse regression in
     OJPEGReadHeaderInfo() (closes: #945402).
 .
 tiff (4.1.0+git191117-1) unstable; urgency=medium
 .
   * Git snapshot, fixing the following issues:
     - missing TIFFClose in rgb2ycbcr tool,
     - missing checks on TIFFGetField in tiffcrop tool,
     - broken sanity check in OJPEG,
     - missing generated .sh files for tests.
 .
 tiff (4.1.0-1) unstable; urgency=medium
 .
   * New upstream release.
   * Update Standards-Version to 4.4.1 .
 .
 tiff (4.0.10+git191003-1) unstable; urgency=high
 .
   * Git snapshot, fixing the following security issue:
     - TIFFReadAndRealloc(): avoid too large memory allocation attempts.
 .
 tiff (4.0.10+git190903-1) unstable; urgency=high
 .
   * Git snapshot, fixing the following security issues:
     - setByteArray(): avoid potential signed integer overflow,
     - EstimateStripByteCounts(): avoid several unsigned integer overflows,
     - tif_ojpeg: avoid two unsigned integer overflows,
     - OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile
       dimensions close to UINT32_MAX,
     - _TIFFPartialReadStripArray(): avoid unsigned integer overflow,
     - JPEG: avoid use of uninitialized memory on corrupted files,
     - TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t,
     - allocChoppedUpStripArrays(): avoid unsigned integer overflow,
     - tif_ojpeg: avoid use of uninitialized memory on edge/broken file,
     - ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer
       overflows.
 .
 tiff (4.0.10+git190818-1) unstable; urgency=high
 .
   * Git snapshot, fixing the following security issues:
     - RGBA interface: fix integer overflow potentially causing write heap
       buffer overflow,
     - setByteArray(): avoid potential signed integer overflow.
 .
 tiff (4.0.10+git190814-1) unstable; urgency=high
 .
   * Git snapshot, fixing the following security issues:
     - TryChopUpUncompressedBigTiff(): avoid potential division by zero,
     - fix vulnerability introduced by defer strile loading,
     - fix vulnerability in 'D' (DeferStrileLoad) mode,
     - return infinite distance when denominator is zero,
     - OJPEG: avoid use of uninitialized memory on corrupted files,
     - OJPEG: fix integer division by zero on corrupted subsampling factors,
     - OJPEGReadBufferFill(): avoid very long processing time on corrupted
       files,
     - TIFFClientOpen(): fix memory leak if one of the required callbacks is
       not provided,
     - CVE-2019-14973, fix integer overflow in _TIFFCheckMalloc() and other
       implementation-defined behaviour (closes: #934780).
   * Update libtiff5 symbols.
   * Update Standards-Version to 4.4.0 .
Checksums-Sha1:
 c09b8de32dc35900d3a1787aa6d72728e92732dd 2274 tiff_4.1.0+git191117-2~deb10u1.dsc
 19d0d4f42a336cc73060a9c40c21ac45a23d4d41 1533524 tiff_4.1.0+git191117.orig.tar.xz
 c96a473c6259c8d96e10180c64853ba54a6ea143 19440 tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz
Checksums-Sha256:
 fc63d46d3fbc75c2f03b09b79f9297d701a2b08c968bc8b5826f9e71df5180c8 2274 tiff_4.1.0+git191117-2~deb10u1.dsc
 67e1d045e994adb7144b0cca228d70dd6d520aaf8c75c342064bc0fd601e6e42 1533524 tiff_4.1.0+git191117.orig.tar.xz
 e9dcc77d338663f6be84efe32ae5d4ec9b48923c731aa939f37aa909e60d9f10 19440 tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz
Files:
 8d6e86fd98221fa11826eba82a82105b 2274 libs optional tiff_4.1.0+git191117-2~deb10u1.dsc
 f51040d3436eedde9d3ba7d166754c3e 1533524 libs optional tiff_4.1.0+git191117.orig.tar.xz
 09393b26fbbe0e1589b55b8332e405e2 19440 libs optional tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----