Format: 1.8
Date: Tue, 20 Mar 2018 08:00:42 -0400
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: all amd64
Version: 4.0.6-1ubuntu0.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.6-1ubuntu0.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: DoS in tif_read.c
     - debian/patches/CVE-2016-10266.patch: fix uint32 overflow in libtiff/tif_read.c, libtiff/tiffiop.h.
     - CVE-2016-10266
   * SECURITY UPDATE: DoS in tif_ojpeg.c
     - debian/patches/CVE-2016-10267.patch: make OJPEGDecode() early exit in case of failure in libtiff/tif_ojpeg.c.
     - CVE-2016-10267
   * SECURITY UPDATE: DoS in tif_unix.c
     - debian/patches/CVE-2016-10268.patch: avoid uint32 underflow in cpDecodedStrips in tools/tiffcp.c.
     - CVE-2016-10268
   * SECURITY UPDATE: DoS in tif_unix.c
     - debian/patches/CVE-2016-10269.patch: fix heap-based buffer overflow in libtiff/tif_luv.c, libtiff/tif_pixarlog.c.
     - CVE-2016-10269
   * SECURITY UPDATE: DoS in TIFFWriteDirectoryTagCheckedRational
     - debian/patches/CVE-2016-10371.patch: replace assertion by runtime check in libtiff/tif_dirwrite.c, tools/tiffcrop.c.
     - CVE-2016-10371
   * SECURITY UPDATE: DoS in putagreytile function
     - debian/patches/CVE-2017-7592.patch: add explicit uint32 cast in libtiff/tif_getimage.c.
     - CVE-2017-7592
   * SECURITY UPDATE: information disclosure in tif_read.c
     - debian/patches/CVE-2017-7593.patch: use _TIFFcalloc() to zero in libtiff/tif_read.c, libtiff/tif_unix.c, libtiff/tif_vms.c, libtiff/tif_win32.c, libtiff/tiffio.h.
     - CVE-2017-7593
   * SECURITY UPDATE: DoS in OJPEGReadHeaderInfoSecTablesDcTable
     - debian/patches/CVE-2017-7594-1.patch: fix leak in libtiff/tif_ojpeg.c.
     - debian/patches/CVE-2017-7594-2.patch: fix another leak in libtiff/tif_ojpeg.c.
     - CVE-2017-7594
   * SECURITY UPDATE: DoS in JPEGSetupEncode
     - debian/patches/CVE-2017-7595.patch: avoid integer division by zero in libtiff/tif_jpeg.c.
     - CVE-2017-7595
   * SECURITY UPDATE: DoS via undefined behaviour
     - debian/patches/CVE-2017-7596_7597_7599_7600.patch: avoid undefined behaviour in libtiff/tif_dir.c, libtiff/tif_dirread.c, libtiff/tif_dirwrite.c.
     - CVE-2017-7596
     - CVE-2017-7597
     - CVE-2017-7599
     - CVE-2017-7600
   * SECURITY UPDATE: DoS via divide-by-zero
     - debian/patches/CVE-2017-7598.patch: avoid division by floating point 0 in libtiff/tif_dirread.c.
     - CVE-2017-7598
   * SECURITY UPDATE: DoS via undefined behaviour
     - debian/patches/CVE-2017-7601.patch: validate BitsPerSample in libtiff/tif_jpeg.c.
     - CVE-2017-7601
   * SECURITY UPDATE: signed integer overflow
     - debian/patches/CVE-2017-7602.patch: avoid potential undefined behaviour in libtiff/tif_read.c.
     - CVE-2017-7602
   * SECURITY UPDATE: DoS via memory leak
     - debian/patches/CVE-2017-9403_9815.patch: fix memory leak in libtiff/tif_dirread.c, tools/tiff2ps.c.
     - CVE-2017-9403
     - CVE-2017-9815
   * SECURITY UPDATE: DoS via memory leak
     - debian/patches/CVE-2017-9404.patch: fix potential memory leak in libtiff/tif_ojpeg.c.
     - CVE-2017-9404
   * SECURITY UPDATE: DoS via memory leak
     - debian/patches/CVE-2017-9936.patch: fix memory leak in libtiff/tif_jbig.c.
     - CVE-2017-9936
   * SECURITY UPDATE: DoS via assertion
     - debian/patches/CVE-2017-10688.patch: replace assertion in libtiff/tif_dirwrite.c.
     - CVE-2017-10688
   * SECURITY UPDATE: heap overflow in tiff2pdf.c
     - debian/patches/CVE-2017-11335.patch: prevent heap buffer overflow write in tools/tiff2pdf.c.
     - CVE-2017-11335
   * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
     - debian/patches/CVE-2017-12944.patch: add protection against excessive memory allocation attempts in libtiff/tif_dirread.c.
     - CVE-2017-12944
   * SECURITY UPDATE: DoS via assertion
     - debian/patches/CVE-2017-13726.patch: replace assertion in libtiff/tif_dirwrite.c.
     - CVE-2017-13726
   * SECURITY UPDATE: DoS via assertion
     - debian/patches/CVE-2017-13727.patch: replace assertion in libtiff/tif_dirwrite.c.
     - CVE-2017-13727
   * SECURITY UPDATE: null pointer dereference
     - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in libtiff/tif_print.c.
     - CVE-2017-18013
   * SECURITY UPDATE: DoS via resource consumption
     - debian/patches/CVE-2018-5784.patch: fix infinite loop in contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
     - CVE-2018-5784
Checksums-Sha1:
Checksums-Sha256:
Files:
Original-Maintainer: Ondřej Surý