
Accepted tiff 4.1.0+git201212-1 (source) into unstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Dec 2020 07:52:33 +0100
Source: tiff
Architecture: source
Version: 4.1.0+git201212-1
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changes:
 tiff (4.1.0+git201212-1) unstable; urgency=high
 .
   * Git snapshot, fixing the following security issues:
     - TIFFSetupStrips: enforce 2GB limitation of
       Strip/Tile Offsets/ByteCounts arrays,
     - tiff2ps: fix heap buffer read overflow in PSDataColorContig(),
     - tiff2pdf: palette bound check in t2p_sample_realize_palette(),
     - tiffcrop: fix asan runtime error caused by integer promotion,
     - raw2tiff: avoid divide by zero,
     - tif_fax3.c: check buffer overflow in Fax4Decode(),
     - tif_fax3: better fix for CVE-2011-0192,
     - TIFFReadCustomDirectory(): fix potential heap buffer overflow when
       reading a custom directory, after a regular directory where a codec was
       active,
     - tif_fax3.h: check for buffer overflow in EXPAND2D before "calling"
       CLEANUP_RUNS(),
     - contrib/win_dib/tiff2dib: fix uninitialized variable: lpBits,
     - Fax3SetupState(): check consistency of rowbytes and rowpixels,
       potential heap overflow in tiff2pdf,
     - tiff2pdf: avoid divide by zero, use-after-free in t2p_writeproc()
       function,
     - tiffcp/tiff2pdf/tiff2ps: enforce maximum malloc size,
     - tif_fax3: more buffer overflow checks in Fax3Decode2D(),
     - tiffset: check memory allocation, use of allocated memory without null
       pointer check,
     - tiffdump: avoid unaligned memory access,
     - tiff2pdf: normalizePoint() macro to normalize the white point, avoid
       divide by zero,
     - tif_fax3: quit Fax3Decode2D() when a buffer overflow occurs,
     - tiffcrop: enforce memory allocation limit,
     - tiffinfo: fix dump of Tiled images, heap out of bounds read in
       TIFFReadRawData(),
     - Fax3PreDecode(): reset curruns and refruns state variables,
       heap-buffer-overflow in Fax3Decode2D(),
     - tif_fax3.h: extra buffer overflow checks, heap-buffer-overflow in
       Fax3Decode2D(),
     - TIFFStartStrip(): avoid potential crash in WebP codec when using
       scanline access on corrupted files,
     - gtTileContig(): check Tile width for overflow,
     - avoid buffer overflow while writing jpeg end of file marker,
     - tiff2ps.c: fix buffer overread, heap-buffer-overflow in PSDataBW(),
     - fix potential overflow in gtStripContig(),
     - more overflow fixes for large width,
     - enforce (configurable) memory limit in tiff2rgba,
     - tiff2pdf: enforce memory limit for tiled pictures,
     - tiffcrop: fix buffer overrun in extractContigSamples24bits().
   * Build with libdeflate support.
   * Update libtiff5 symbols.
   * Update debhelper level to 13.
   * Update Standards-Version to 4.5.1.
Checksums-Sha1:
 b5b832471964154d0ac49534a140bc2f0aa2dfc5 2264 tiff_4.1.0+git201212-1.dsc
 f99ae00f17e051f1489152182351879b8cf45f5c 1723848 tiff_4.1.0+git201212.orig.tar.xz
 a7f8ec43b507f37b110e5650f250573e2b04a097 19512 tiff_4.1.0+git201212-1.debian.tar.xz
Checksums-Sha256:
 835ff106e859dc07d4ca18d9eef0109d646fb6b3324877a7716f9a1ae70a5327 2264 tiff_4.1.0+git201212-1.dsc
 bebb2ad5537638159ff026c933ae769ab720afb8cd7b9f3bf7533db673b8636c 1723848 tiff_4.1.0+git201212.orig.tar.xz
 4a5a87e944b8028fc64d22be950bf6b69ed85d4bd9269c70b27f240ac8e2073c 19512 tiff_4.1.0+git201212-1.debian.tar.xz
Files:
 1040ebe54a671dbe9a6e9f01f3639cd6 2264 libs optional tiff_4.1.0+git201212-1.dsc
 28a39c14bfa889a220a535b2b0d95e28 1723848 libs optional tiff_4.1.0+git201212.orig.tar.xz
 320072303c73f50dce44682656b96957 19512 libs optional tiff_4.1.0+git201212-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----