Accepted tiff3 3.9.6-11+deb7u6 (source amd64) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 13 Jun 2017 14:33:24 +0200
Source: tiff3
Binary: libtiff4 libtiffxx0c2 libtiff4-dev
Architecture: source amd64
Version: 3.9.6-11+deb7u6
Distribution: wheezy-security
Urgency: medium
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Raphaël Hertzog <hertzog@debian.org>
Description:
libtiff4 - Tag Image File Format (TIFF) library (old version)
libtiff4-dev - Tag Image File Format (TIFF) library (old version), development f
libtiffxx0c2 - Tag Image File Format (TIFF) library (old version) -- C++ interfa
Changes:
tiff3 (3.9.6-11+deb7u6) wheezy-security; urgency=medium
.
* Non-maintainer upload by the Debian LTS team.
* Switch to upstream-provided patch to fix the numerous CVE related
to _TIFFVGetField(). Drop CVE-2014-8128-5-fixed.patch,
CVE-2016-5318_CVE-2015-7554.patch and handle-codec-specific-tags.patch in
favor of CVE-2016-10095_CVE-2017-9147.patch.
Fixes CVE-2016-10095 and CVE-2017-9147 (on top of the older similar
CVE).
* CVE-2017-9403: Fix memory leak in TIFFReadDirEntryLong8Array.
* CVE-2017-9404: Fix multiple memory leaks in tif_ojpeg.c.
Checksums-Sha1:
f598f019f74d9c5e93e0edbf1001b92c3ff27d51 1650 tiff3_3.9.6-11+deb7u6.dsc
f43e37347974b7aeaa7f5401a32500f2fb4ab09b 48032 tiff3_3.9.6-11+deb7u6.debian.tar.gz
e75d6489ee177824aaa4c13189cf962a240288a9 205266 libtiff4_3.9.6-11+deb7u6_amd64.deb
442a75f7a4bc6f611bb81866e075cfb7973b0b54 64926 libtiffxx0c2_3.9.6-11+deb7u6_amd64.deb
c1ee4ff981e84617d7b4baf698b0d9337b09fdea 340236 libtiff4-dev_3.9.6-11+deb7u6_amd64.deb
Checksums-Sha256:
5003c462ea09ec7fc305384c6eb7cb00dbd5028c1798bfa288db661d2e0883c3 1650 tiff3_3.9.6-11+deb7u6.dsc
7800bc938ef5cd6650ec37fb00bea49d9febddc56f68944c875dab195f7789be 48032 tiff3_3.9.6-11+deb7u6.debian.tar.gz
fd5de9356fb9ab111f9441ff2b4ca72db6e31ebd9082c6c80c37c4afc41c2ba7 205266 libtiff4_3.9.6-11+deb7u6_amd64.deb
5a0434e07305364f79ffa4a0bb7d34119fb6cbb00313edbd79304bd26532ae7a 64926 libtiffxx0c2_3.9.6-11+deb7u6_amd64.deb
082192988c628c7cdd99e43c7fcbed43d36149d0560fd39a288d7a9ae7127153 340236 libtiff4-dev_3.9.6-11+deb7u6_amd64.deb
Files:
c48bcea0f8304f9eec170ccdfe4c253b 1650 oldlibs optional tiff3_3.9.6-11+deb7u6.dsc
f2d4ef07c66628976e5cd9a607ec4f2e 48032 oldlibs optional tiff3_3.9.6-11+deb7u6.debian.tar.gz
c80612ed456699048f942e4a7a160fe0 205266 oldlibs optional libtiff4_3.9.6-11+deb7u6_amd64.deb
987ffe313d32a6cb2584af1f67952838 64926 oldlibs optional libtiffxx0c2_3.9.6-11+deb7u6_amd64.deb
3888225fee8955e1b71e32208501c425 340236 libdevel optional libtiff4-dev_3.9.6-11+deb7u6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Comment: Signed by Raphael Hertzog
iQEzBAEBCgAdFiEE1823g1EQnhJ1LsbSA4gdq+vCmrkFAlk/8BIACgkQA4gdq+vC
mrlRJAgAuw3co5JKv4EmUHHFGtF4Xdc3Mi4pxuFZU0ZX3M7lLG1t2vKDsEbp+TXy
xKiw2tBLSnx3qLBJ6ZOw7H3W7N6HQbAt/T38rnf0gpz9SXxswANqWHdJ4vrFsrwA
0Z6kJ13dLj7idhvpL4yaN0DJ9juE2NmK5hvronyNb4FBmY+OV5Czm+yW65bxP7gh
yU/T1AWAeGxjGfWq6/nQIZIILmcsNF0Thi2BpKThImOehv5yGai5DNsBsOsjO45M
mWeZXusDULw8/oS/GU2P+NVyKsaUQKqinyaZ1mChcgQw4Hi6ugcgsE0kEL+a8pes
pbY2Zy5QL/bPv5sOPF0loiq6fNZxmg==
=bXtQ
-----END PGP SIGNATURE-----