Back to tiff3 PTS page

Accepted tiff3 3.9.6-11+deb7u5 (source amd64) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted tiff3 3.9.6-11+deb7u5 (source amd64) into oldstable
From: Markus Koschany <apo@debian.org>
Date: Mon, 24 Apr 2017 18:20:44 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1d2ibM-0000pw-Pm@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 24 Apr 2017 12:26:42 +0200
Source: tiff3
Binary: libtiff4 libtiffxx0c2 libtiff4-dev
Architecture: source amd64
Version: 3.9.6-11+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 libtiff4   - Tag Image File Format (TIFF) library (old version)
 libtiff4-dev - Tag Image File Format (TIFF) library (old version), development f
 libtiffxx0c2 - Tag Image File Format (TIFF) library (old version) -- C++ interfa
Changes: 
 tiff3 (3.9.6-11+deb7u5) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix the following security vulnerabilities:
   * CVE-2017-7593:
     tif_read.c in LibTIFF does not ensure that tif_rawdata is properly
     initialized, which might allow remote attackers to obtain sensitive
     information from process memory via a crafted image.
   * CVE-2017-7594:
     The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in LibTIFF
     allows remote attackers to cause a denial of service (memory leak) via a
     crafted image.
   * CVE-2017-7595:
     The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF allows remote
     attackers to cause a denial of service (divide-by-zero error and
     application crash) via a crafted image.
   * CVE-2017-7596, CVE-2017-7597, CVE-2017-7599, CVE-2017-7600:
     LibTIFF has an "outside the range of representable values of type float"
     undefined behavior issue, which might allow remote attackers to cause a
     denial of service (application crash) or possibly have unspecified other
     impact via a crafted image.
   * CVE-2017-7601:
     LibTIFF has a "shift exponent too large for 64-bit type long" undefined
     behavior issue, which might allow remote attackers to cause a denial of
     service (application crash) or possibly have unspecified other impact via a
     crafted image.
Checksums-Sha1: 
 b7b334223df9f555df978f5a6b47301f812068f8 2111 tiff3_3.9.6-11+deb7u5.dsc
 e2cb10b379114e3aa7bed43e372b2f4d051527b6 50286 tiff3_3.9.6-11+deb7u5.debian.tar.gz
 a1fcd58f99bce4429d09c65bec903571816aaec2 204946 libtiff4_3.9.6-11+deb7u5_amd64.deb
 2c32a7cb21bec4d700b54166c5838e3634b5b386 64718 libtiffxx0c2_3.9.6-11+deb7u5_amd64.deb
 19a0837a2949e020a892c4dcd2de2bab3469aa85 341276 libtiff4-dev_3.9.6-11+deb7u5_amd64.deb
Checksums-Sha256: 
 60402a42a47b5a086042976902637e37f1150d427538b8d8c613178a1ab2f69b 2111 tiff3_3.9.6-11+deb7u5.dsc
 99843ed8e2de9cf367fd0893a0deae211cd291012bc69ac9c24a6fbc8645c090 50286 tiff3_3.9.6-11+deb7u5.debian.tar.gz
 55a698f4223db86cd9cfc138e2063472e7a698f4712f9dad6ca5f74b76a022b4 204946 libtiff4_3.9.6-11+deb7u5_amd64.deb
 8f5a76da556dcfb414f539ca3ec1f682430e93e80f8a3491005ff15a2dc4cae8 64718 libtiffxx0c2_3.9.6-11+deb7u5_amd64.deb
 f3dba7fdfb113d2b23010c1c27f4730c866109a2f205a4fb8d009444311753cc 341276 libtiff4-dev_3.9.6-11+deb7u5_amd64.deb
Files: 
 900de34c678e55ff70219251d503ba93 2111 oldlibs optional tiff3_3.9.6-11+deb7u5.dsc
 427f7d68a6b2be975354b683742a4aec 50286 oldlibs optional tiff3_3.9.6-11+deb7u5.debian.tar.gz
 6e58289850226601dc1c8bce31b7124d 204946 oldlibs optional libtiff4_3.9.6-11+deb7u5_amd64.deb
 e41c206400d1211be5ffdc58cad131d3 64718 oldlibs optional libtiffxx0c2_3.9.6-11+deb7u5_amd64.deb
 77f787059799b7eab08adf4d3d8b38a7 341276 libdevel optional libtiff4-dev_3.9.6-11+deb7u5_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlj91c9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkdK8P+QENYJCrQKwbsBYjB0uQZFAd055uoKwZp3Ea
EbAKKbNCqpKsmiAjiaZVRdSSonE8u4y0qSWBADHJtPvsI2PWJYtwq5bmVoFagpne
GgNOvQtQN6+dgibFzkMXS/75GsJUSNSqkQgEfxaAaEqLko/3tW5WfYSeklxtSUxy
RPkLn3j/SexApt8mBltLThFmU3JntKZxRwArvTCEqd1lsr7kBaZUfAhfnZaqY+pT
tsheObHHbqtDf7B/lSLmBGWCdmiN2O/LCnJLP9VrNNmC4JiyJ2bYL54Jm1ruXkl9
/8WGmxmz77LxsMfyzEr/gG1T5GIq+7/wFtFnQSQl47Ei2X+BoAJfHMEKj1kWyOEe
7j3kJef3JSbmEiKF2aUjTmDaHwnfOu7Yuc9iUewhODtS2geTeSSYAf4gKCqaDpQu
2TjC/qq9yY92duLmy/4iHRHoLjQCYmLbb5izUP4hXYCCIyib1a2QFib1xP7hG+OZ
TRm3hrJd7VcL59mE35CfLkYW07U0LWnaO84pG37PV7WRZB70xs4posR6nwomJFXP
Jg0nybWhLra5W3A2RgKJ1yLtQh6QnWplG6VuQdMsEhh5v8bK+IWabTJBN+v+FztW
AJrkzIr2KB/6M9xOzDU3fp9aGHel9CLGyeTaS441oETF1SdIZYNKOel72eY41wfn
qAM589ay
=LNsX
-----END PGP SIGNATURE-----