Accepted tiff3 3.9.6-11+deb7u1 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 04 Sep 2016 23:10:55 +0200
Source: tiff3
Binary: libtiff4 libtiffxx0c2 libtiff4-dev
Architecture: source amd64
Version: 3.9.6-11+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 libtiff4 - Tag Image File Format (TIFF) library (old version)
 libtiff4-dev - Tag Image File Format (TIFF) library (old version), development f
 libtiffxx0c2 - Tag Image File Format (TIFF) library (old version) -- C++ interfa
Changes:
 tiff3 (3.9.6-11+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix several security vulnerabilities in tiff3. An attacker could take
     advantage of these flaws to cause a denial-of-service against an
     application using the libtiff4 library (application crash), or potentially
     execute arbitrary code with the privileges of the user running the
     application. The following patches were added to address these issues:
     - CVE-2014-8128-1.patch
     - CVE-2014-8128-2.patch
     - CVE-2014-8128-3.patch
     - CVE-2014-8128-4.patch
     - CVE-2014-8128-5-fixed.patch
     - CVE-2014-8129.patch
     - CVE-2014-9655.patch
     - fix-various-crasher-bugs-on-fuzzed-images.patch
     - CVE-2015-8665-and-CVE-2015-8683.patch
     - CVE-2016-3623.patch
     - CVE-2016-5875.patch
     - CVE-2016-5321.patch
     - CVE-2016-5323.patch
     - CVE-2016-6223.patch
     - CVE-2016-3991.patch
     - CVE-2016-3990.patch
     - CVE-2016-3945.patch
     - CVE-2016-3186.patch
     - CVE-2013-1961.patch
     - CVE-2010-2596.patch
     In total these security issues were resolved:
     CVE-2016-5322, CVE-2016-3991, CVE-2016-3990, CVE-2016-3945, CVE-2013-1961,
     CVE-2014-8128, CVE-2014-8129, CVE-2014-9655, CVE-2015-1547, CVE-2015-8665,
     CVE-2015-8683, CVE-2016-3623, CVE-2016-5314, CVE-2016-5315, CVE-2016-5316,
     CVE-2016-5317, CVE-2016-5320, CVE-2016-5875, CVE-2016-5323, CVE-2016-5321,
     CVE-2016-3186, CVE-2010-2596, CVE-2016-6223
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----