Accepted tiff 4.1.0+git191117-2~deb10u1 (source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 12 Jan 2020 17:28:54 +0000
Source: tiff
Architecture: source
Version: 4.1.0+git191117-2~deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 934780 945402
Changes:
tiff (4.1.0+git191117-2~deb10u1) buster-security; urgency=high
.
* Security backport for Buster.
* Relax Standards-Version to 4.3.0 .
.
tiff (4.1.0+git191117-2) unstable; urgency=medium
.
* Backport upstream fix for rowsperstrip parse regression in
OJPEGReadHeaderInfo() (closes: #945402).
.
tiff (4.1.0+git191117-1) unstable; urgency=medium
.
* Git snapshot, fixing the following issues:
- missing TIFFClose in rgb2ycbcr tool,
- missing checks on TIFFGetField in tiffcrop tool,
- broken sanity check in OJPEG,
- missing generated .sh files for tests.
.
tiff (4.1.0-1) unstable; urgency=medium
.
* New upstream release.
* Update Standards-Version to 4.4.1 .
.
tiff (4.0.10+git191003-1) unstable; urgency=high
.
* Git snapshot, fixing the following security issue:
- TIFFReadAndRealloc(): avoid too large memory allocation attempts.
.
tiff (4.0.10+git190903-1) unstable; urgency=high
.
* Git snapshot, fixing the following security issues:
- setByteArray(): avoid potential signed integer overflow,
- EstimateStripByteCounts(): avoid several unsigned integer overflows,
- tif_ojpeg: avoid two unsigned integer overflows,
- OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile
dimensions close to UINT32_MAX,
- _TIFFPartialReadStripArray(): avoid unsigned integer overflow,
- JPEG: avoid use of uninitialized memory on corrupted files,
- TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t,
- allocChoppedUpStripArrays(): avoid unsigned integer overflow,
- tif_ojpeg: avoid use of uninitialized memory on edge/broken file,
- ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer
overflows.
.
tiff (4.0.10+git190818-1) unstable; urgency=high
.
* Git snapshot, fixing the following security issues:
- RGBA interface: fix integer overflow potentially causing write heap
buffer overflow,
- setByteArray(): avoid potential signed integer overflow.
.
tiff (4.0.10+git190814-1) unstable; urgency=high
.
* Git snapshot, fixing the following security issues:
- TryChopUpUncompressedBigTiff(): avoid potential division by zero,
- fix vulnerability introduced by defer strile loading,
- fix vulnerability in 'D' (DeferStrileLoad) mode,
- return infinite distance when denominator is zero,
- OJPEG: avoid use of uninitialized memory on corrupted files,
- OJPEG: fix integer division by zero on corrupted subsampling factors,
- OJPEGReadBufferFill(): avoid very long processing time on corrupted
files,
- TIFFClientOpen(): fix memory leak if one of the required callbacks is
not provided,
- CVE-2019-14973, fix integer overflow in _TIFFCheckMalloc() and other
implementation-defined behaviour (closes: #934780).
* Update libtiff5 symbols.
* Update Standards-Version to 4.4.0 .
Checksums-Sha1:
c09b8de32dc35900d3a1787aa6d72728e92732dd 2274 tiff_4.1.0+git191117-2~deb10u1.dsc
19d0d4f42a336cc73060a9c40c21ac45a23d4d41 1533524 tiff_4.1.0+git191117.orig.tar.xz
c96a473c6259c8d96e10180c64853ba54a6ea143 19440 tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz
Checksums-Sha256:
fc63d46d3fbc75c2f03b09b79f9297d701a2b08c968bc8b5826f9e71df5180c8 2274 tiff_4.1.0+git191117-2~deb10u1.dsc
67e1d045e994adb7144b0cca228d70dd6d520aaf8c75c342064bc0fd601e6e42 1533524 tiff_4.1.0+git191117.orig.tar.xz
e9dcc77d338663f6be84efe32ae5d4ec9b48923c731aa939f37aa909e60d9f10 19440 tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz
Files:
8d6e86fd98221fa11826eba82a82105b 2274 libs optional tiff_4.1.0+git191117-2~deb10u1.dsc
f51040d3436eedde9d3ba7d166754c3e 1533524 libs optional tiff_4.1.0+git191117.orig.tar.xz
09393b26fbbe0e1589b55b8332e405e2 19440 libs optional tiff_4.1.0+git191117-2~deb10u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----