Ubuntu
tiff package

Please merge tiff 4.5.0-5 from Debian unstable

Bug #2012540 reported by Nathan Teodosio
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
tiff (Ubuntu)
Fix Released
High
Unassigned

Bug Description

Please merge tiff 4.5.0-5 from Debian unstable.

Revision history for this message
Nathan Teodosio (nteodosio) wrote :
Revision history for this message
Nathan Teodosio (nteodosio) wrote :
Changed in tiff (Ubuntu):
status: In Progress → Confirmed
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks Nathan!

Changed in tiff (Ubuntu):
importance: Undecided → High
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tiff - 4.5.0-5ubuntu1

---------------
tiff (4.5.0-5ubuntu1) lunar; urgency=high

  * Merge from Debian unstable. Remaining differences:
    - Don't build with LERC on i386 because it requires numpy
      (Closes: #1017958, LP: #2012540)

tiff (4.5.0-5) unstable; urgency=high

  * Backport fix for tiffcrop correctly update buffersize after
    rotateImage() .
  * Backport fix for TIFFClose() avoid NULL pointer dereferencing.
  * Backport security fix for CVE-2023-0800, CVE-2023-0801, CVE-2023-0802,
    CVE-2023-0803 and CVE-2023-0804, an out-of-bounds write in tiffcrop
    allows attackers to cause a denial-of-service via a crafted tiff file.
  * Backport security fix for CVE-2023-0795, CVE-2023-0796, CVE-2023-0797,
    CVE-2023-0798 and CVE-2023-0799, an out-of-bounds read in tiffcrop allows
    attackers to cause a denial-of-service via a crafted tiff file.

 -- Nathan Pratta Teodosio <email address hidden> Fri, 24 Mar 2023 11:13:09 +0100

Changed in tiff (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.