Format: 1.8
Date: Tue, 20 Mar 2018 08:00:42 -0400
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: ppc64el
Version: 4.0.6-1ubuntu0.3
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.6-1ubuntu0.3) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: DoS in tif_read.c
     - debian/patches/CVE-2016-10266.patch: fix uint32 overflow in libtiff/tif_read.c, libtiff/tiffiop.h.
     - CVE-2016-10266
   * SECURITY UPDATE: DoS in tif_ojpeg.c
     - debian/patches/CVE-2016-10267.patch: make OJPEGDecode() early exit in case of failure in libtiff/tif_ojpeg.c.
     - CVE-2016-10267
   * SECURITY UPDATE: DoS in tif_unix.c
     - debian/patches/CVE-2016-10268.patch: avoid uint32 underflow in cpDecodedStrips in tools/tiffcp.c.
     - CVE-2016-10268
   * SECURITY UPDATE: DoS in tif_unix.c
     - debian/patches/CVE-2016-10269.patch: fix heap-based buffer overflow in libtiff/tif_luv.c, libtiff/tif_pixarlog.c.
     - CVE-2016-10269
   * SECURITY UPDATE: DoS in TIFFWriteDirectoryTagCheckedRational
     - debian/patches/CVE-2016-10371.patch: replace assertion by runtime check in libtiff/tif_dirwrite.c, tools/tiffcrop.c.
     - CVE-2016-10371
   * SECURITY UPDATE: DoS in putagreytile function
     - debian/patches/CVE-2017-7592.patch: add explicit uint32 cast in libtiff/tif_getimage.c.
     - CVE-2017-7592
   * SECURITY UPDATE: information disclosure in tif_read.c
     - debian/patches/CVE-2017-7593.patch: use _TIFFcalloc() to zero in libtiff/tif_read.c, libtiff/tif_unix.c, libtiff/tif_vms.c, libtiff/tif_win32.c, libtiff/tiffio.h.
     - CVE-2017-7593
   * SECURITY UPDATE: DoS in OJPEGReadHeaderInfoSecTablesDcTable
     - debian/patches/CVE-2017-7594-1.patch: fix leak in libtiff/tif_ojpeg.c.
     - debian/patches/CVE-2017-7594-2.patch: fix another leak in libtiff/tif_ojpeg.c.
     - CVE-2017-7594
   * SECURITY UPDATE: DoS in JPEGSetupEncode
     - debian/patches/CVE-2017-7595.patch: avoid integer division by zero in libtiff/tif_jpeg.c.
     - CVE-2017-7595
   * SECURITY UPDATE: DoS via undefined behaviour
     - debian/patches/CVE-2017-7596_7597_7599_7600.patch: avoid undefined behaviour in libtiff/tif_dir.c, libtiff/tif_dirread.c, libtiff/tif_dirwrite.c.
     - CVE-2017-7596
     - CVE-2017-7597
     - CVE-2017-7599
     - CVE-2017-7600
   * SECURITY UPDATE: DoS via divide-by-zero
     - debian/patches/CVE-2017-7598.patch: avoid division by floating point 0 in libtiff/tif_dirread.c.
     - CVE-2017-7598
   * SECURITY UPDATE: DoS via undefined behaviour
     - debian/patches/CVE-2017-7601.patch: validate BitsPerSample in libtiff/tif_jpeg.c.
     - CVE-2017-7601
   * SECURITY UPDATE: signed integer overflow
     - debian/patches/CVE-2017-7602.patch: avoid potential undefined behaviour in libtiff/tif_read.c.
     - CVE-2017-7602
   * SECURITY UPDATE: DoS via memory leak
     - debian/patches/CVE-2017-9403_9815.patch: fix memory leak in libtiff/tif_dirread.c, tools/tiff2ps.c.
     - CVE-2017-9403
     - CVE-2017-9815
   * SECURITY UPDATE: DoS via memory leak
     - debian/patches/CVE-2017-9404.patch: fix potential memory leak in libtiff/tif_ojpeg.c.
     - CVE-2017-9404
   * SECURITY UPDATE: DoS via memory leak
     - debian/patches/CVE-2017-9936.patch: fix memory leak in libtiff/tif_jbig.c.
     - CVE-2017-9936
   * SECURITY UPDATE: DoS via assertion
     - debian/patches/CVE-2017-10688.patch: replace assertion in libtiff/tif_dirwrite.c.
     - CVE-2017-10688
   * SECURITY UPDATE: heap overflow in tiff2pdf.c
     - debian/patches/CVE-2017-11335.patch: prevent heap buffer overflow write in tools/tiff2pdf.c.
     - CVE-2017-11335
   * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
     - debian/patches/CVE-2017-12944.patch: add protection against excessive memory allocation attempts in libtiff/tif_dirread.c.
     - CVE-2017-12944
   * SECURITY UPDATE: DoS via assertion
     - debian/patches/CVE-2017-13726.patch: replace assertion in libtiff/tif_dirwrite.c.
     - CVE-2017-13726
   * SECURITY UPDATE: DoS via assertion
     - debian/patches/CVE-2017-13727.patch: replace assertion in libtiff/tif_dirwrite.c.
     - CVE-2017-13727
   * SECURITY UPDATE: null pointer dereference
     - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in libtiff/tif_print.c.
     - CVE-2017-18013
   * SECURITY UPDATE: DoS via resource consumption
     - debian/patches/CVE-2018-5784.patch: fix infinite loop in contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
     - CVE-2018-5784
Original-Maintainer: Ondřej Surý