Change log for tiff package in Ubuntu
| 1 → 75 of 280 results | First • Previous • Next • Last |
tiff (4.5.1+git230720-4ubuntu4) oracular; urgency=medium
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2024-7006.patch: adds check for the return value
of _TIFFCreateAnonField() to handle potential NULL pointers in
libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
- CVE-2024-7006
-- Ian Constantin <email address hidden> Thu, 05 Sep 2024 16:59:32 +0300
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.14) focal-security; urgency=medium
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2024-7006.patch: adds check for the return value
of _TIFFCreateAnonField() to handle potential NULL pointers in
libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
- CVE-2024-7006
-- Ian Constantin <email address hidden> Thu, 05 Sep 2024 16:59:45 +0300
Available diffs
tiff (4.3.0-6ubuntu0.10) jammy-security; urgency=medium
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2024-7006.patch: adds check for the return value
of _TIFFCreateAnonField() to handle potential NULL pointers in
libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
- CVE-2024-7006
-- Ian Constantin <email address hidden> Thu, 05 Sep 2024 16:59:39 +0300
Available diffs
tiff (4.5.1+git230720-4ubuntu2.2) noble-security; urgency=medium
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2024-7006.patch: adds check for the return value
of _TIFFCreateAnonField() to handle potential NULL pointers in
libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
- CVE-2024-7006
-- Ian Constantin <email address hidden> Thu, 05 Sep 2024 16:59:36 +0300
Available diffs
tiff (4.5.1+git230720-4ubuntu3) oracular; urgency=medium
* SECURITY UPDATE: heap buffer overflow in tiffcrop.c
- debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
- CVE-2023-3164
-- Bruce Cable <email address hidden> Thu, 30 May 2024 13:55:08 +1000
Available diffs
tiff (4.5.1+git230720-4ubuntu2.1) noble-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in tiffcrop.c
- debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
- CVE-2023-3164
-- Bruce Cable <email address hidden> Wed, 29 May 2024 15:09:58 +1000
tiff (4.5.1+git230720-1ubuntu1.2) mantic-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in tiffcrop.c
- debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
- CVE-2023-3164
-- Bruce Cable <email address hidden> Wed, 29 May 2024 15:09:26 +1000
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.13) focal-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in tiffcrop.c
- debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
- CVE-2023-3164
-- Bruce Cable <email address hidden> Mon, 27 May 2024 13:22:12 +1000
Available diffs
tiff (4.3.0-6ubuntu0.9) jammy-security; urgency=medium
* SECURITY UPDATE: heap buffer overflow in tiffcrop.c
- debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
- CVE-2023-3164
-- Bruce Cable <email address hidden> Wed, 29 May 2024 12:08:52 +1000
Available diffs
| Superseded in oracular-release |
| Published in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
tiff (4.5.1+git230720-4ubuntu2) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 08:28:11 +0000
Available diffs
tiff (4.5.1+git230720-4ubuntu1) noble; urgency=medium
* Merge with Debian. Remaining change:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: out-of-bounds read in tiffcrop
- debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
function extractImageSection in tools/tiffcrop.c.
- CVE-2023-1916
Available diffs
tiff (4.5.1+git230720-1ubuntu1.1) mantic-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: memory exhaustion
- debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
memory being greater than filesize in libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-2.patch: add an extra check for above
condition, to only do it for a defined large request in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
it for a defined large request in more methods in libtiff/tif_dirread.c.
- CVE-2023-6277
* SECURITY UPDATE: segmentation fault
- debian/patches/CVE-2023-52356.patch: add row and column check based
on image sizes in libtiff/tif_getimage.c.
- CVE-2023-52356
-- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 09 Feb 2024 18:47:50 -0300
Available diffs
tiff (4.3.0-6ubuntu0.8) jammy-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: memory exhaustion
- debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
memory being greater than filesize in libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-2.patch: add an extra check for above
condition, to only do it for a defined large request in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
it for a defined large request in more methods in libtiff/tif_dirread.c.
- CVE-2023-6277
* SECURITY UPDATE: segmentation fault
- debian/patches/CVE-2023-52356.patch: add row and column check based
on image sizes in libtiff/tif_getimage.c.
- CVE-2023-52356
-- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 09 Feb 2024 18:02:38 -0300
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.12) focal-security; urgency=medium
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: memory exhaustion
- debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
memory being greater than filesize in libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-2.patch: add an extra check for above
condition, to only do it for a defined large request in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
libtiff/tif_dirread.c.
- debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
it for a defined large request in more methods in libtiff/tif_dirread.c.
- CVE-2023-6277
* SECURITY UPDATE: segmentation fault
- debian/patches/CVE-2023-52356.patch: add row and column check based
on image sizes in libtiff/tif_getimage.c.
- CVE-2023-52356
-- Rodrigo Figueiredo Zaiden <email address hidden> Fri, 09 Feb 2024 16:43:26 -0300
Available diffs
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
tiff (4.5.1+git230720-3ubuntu1) noble; urgency=medium
* Merge with Debian. Remaining change:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.11) focal-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-40090.patch: Improved IFD-Loop Handling.
- CVE-2022-40090
* SECURITY UPDATE: memory leak
- debian/patches/CVE-2023-3576.patch: Fix memory leak in tiffcrop.c.
- CVE-2023-3576
-- Fabian Toepfer <email address hidden> Thu, 23 Nov 2023 14:41:23 +0100
Available diffs
tiff (4.3.0-6ubuntu0.7) jammy-security; urgency=medium
* SECURITY UPDATE: denial of service
- debian/patches/CVE-2022-40090.patch: Improved IFD-Loop Handling.
- CVE-2022-40090
* SECURITY UPDATE: memory leak
- debian/patches/CVE-2023-3576.patch: Fix memory leak in tiffcrop.c.
- CVE-2023-3576
-- Fabian Toepfer <email address hidden> Thu, 23 Nov 2023 14:39:56 +0100
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.10) focal-security; urgency=medium
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
function extractImageSection
- CVE-2023-1916
-- Nishit Majithia <email address hidden> Tue, 10 Oct 2023 15:58:04 +0530
Available diffs
tiff (4.3.0-6ubuntu0.6) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
function extractImageSection
- CVE-2023-1916
-- Nishit Majithia <email address hidden> Tue, 10 Oct 2023 15:57:39 +0530
Available diffs
tiff (4.5.0-5ubuntu1.2) lunar-security; urgency=medium
* SECURITY UPDATE: out-of-bound read
- debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
function extractImageSection
- CVE-2023-1916
-- Nishit Majithia <email address hidden> Tue, 10 Oct 2023 15:54:39 +0530
Available diffs
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
tiff (4.5.1+git230720-1ubuntu1) mantic; urgency=medium
* Merge with Debian. Remaining change:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
Available diffs
tiff (4.3.0-6ubuntu0.5) jammy-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-48281.patch: correct simple copy paste error in
tiffcrop.c.
- CVE-2022-48281
* SECURITY UPDATE: NULL pointer dereference
- d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
undefined behavior in tif_dir.c.
- CVE-2023-2908
* SECURITY UPDATE: NULL pointer dereference
- d/p/0002-TIFFClose-avoid-NULL-pointer-dereferencing.-fix-515.patch: avoid
NULL pointer dereferencing in tif_close.c.
- CVE-2023-3316
* SECURITY UPDATE: buffer overflow
- d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
return of writeSelections() in tiffcrop.c.
- CVE-2023-3618
* SECURITY UPDATE: heap-based buffer overflow
- d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
correctly update buffersize after rotateImage() and enlarge buffsize and
check integer overflow within rotateImage() in tiffcrop.c.
- CVE-2023-25433
* SECURITY UPDATE: Use after free
- d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
not reuse input buffer for subsequent images in tiffcrop.c.
- CVE-2023-26965
* SECURITY UPDATE: buffer overflow
- d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
and correct for NaN data in uv_encode() in tif_luv.c.
- CVE-2023-26966
* SECURITY UPDATE: Integer overflow
- d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
memory corruption (overflow) in tiffcp.c.
- CVE-2023-38288
* SECURITY UPDATE: Integer overflow
- d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
integer overflow and bypass of the check in raw2tiff.c.
- CVE-2023-38289
-- Fabian Toepfer <email address hidden> Mon, 07 Aug 2023 17:56:53 +0200
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.9) focal-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-48281.patch: correct simple copy paste error in
tiffcrop.c.
- CVE-2022-48281
* SECURITY UPDATE: NULL pointer dereference
- d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
undefined behavior in tif_dir.c.
- CVE-2023-2908
* SECURITY UPDATE: NULL pointer dereference
- d/p/0002-TIFFClose-avoid-NULL-pointer-dereferencing.-fix-515.patch: avoid
NULL pointer dereferencing in tif_close.c.
- CVE-2023-3316
* SECURITY UPDATE: buffer overflow
- d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
return of writeSelections() in tiffcrop.c.
- CVE-2023-3618
* SECURITY UPDATE: heap-based buffer overflow
- d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
correctly update buffersize after rotateImage() and enlarge buffsize and
check integer overflow within rotateImage() in tiffcrop.c.
- CVE-2023-25433
* SECURITY UPDATE: Use after free
- d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
not reuse input buffer for subsequent images in tiffcrop.c.
- CVE-2023-26965
* SECURITY UPDATE: buffer overflow
- d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
and correct for NaN data in uv_encode() in tif_luv.c.
- CVE-2023-26966
* SECURITY UPDATE: Integer overflow
- d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
memory corruption (overflow) in tiffcp.c.
- CVE-2023-38288
* SECURITY UPDATE: Integer overflow
- d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
integer overflow and bypass of the check in raw2tiff.c.
- CVE-2023-38289
-- Fabian Toepfer <email address hidden> Mon, 07 Aug 2023 19:14:34 +0200
Available diffs
tiff (4.5.0-5ubuntu1.1) lunar-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference
- debian/patches/CVE-2023-2731.patch: avoid crash when trying to read again
from a strip with a missing end-of-information marker in tif_lzw.c.
- CVE-2023-2731
* SECURITY UPDATE: NULL pointer dereference
- d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
undefined behavior in tif_dir.c.
- CVE-2023-2908
* SECURITY UPDATE: buffer overflow
- d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
return of writeSelections() in tiffcrop.c.
- CVE-2023-3618
* SECURITY UPDATE: heap-based buffer overflow
- d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
correctly update buffersize after rotateImage() and enlarge buffsize and
check integer overflow within rotateImage() in tiffcrop.c.
- CVE-2023-25433
* SECURITY UPDATE: Use after free
- d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
not reuse input buffer for subsequent images in tiffcrop.c.
- CVE-2023-26965
* SECURITY UPDATE: buffer overflow
- d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
and correct for NaN data in uv_encode() in tif_luv.c.
- CVE-2023-26966
* SECURITY UPDATE: Integer overflow
- d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
memory corruption (overflow) in tiffcp.c.
- CVE-2023-38288
* SECURITY UPDATE: Integer overflow
- d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
integer overflow and bypass of the check in raw2tiff.c.
- CVE-2023-38289
-- Fabian Toepfer <email address hidden> Mon, 07 Aug 2023 19:51:46 +0200
Available diffs
tiff (4.5.0-6ubuntu1) mantic; urgency=medium * Merge from Debian unstable (LP: #2020707). Remaining changes: - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
Available diffs
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
tiff (4.5.0-5ubuntu1) lunar; urgency=high
* Merge from Debian unstable. Remaining differences:
- Don't build with LERC on i386 because it requires numpy
(Closes: #1017958, LP: #2012540)
Available diffs
tiff (4.0.9-5ubuntu0.10) bionic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds reads
- debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
input image width and length parameters when only cropped image sections
are rotated in tiffcrop.c.
- CVE-2023-0795
- CVE-2023-0796
- CVE-2023-0797
- CVE-2023-0798
- CVE-2023-0799
* SECURITY UPDATE: out-of-bounds writes
- debian/patches/CVE-2023-0800.patch: added check for assumption on
composite images in tiffcrop.c.
- CVE-2023-0800
- CVE-2023-0801
- CVE-2023-0802
- CVE-2023-0803
- CVE-2023-0804
-- Fabian Toepfer <email address hidden> Fri, 03 Mar 2023 17:24:30 +0100
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.8) focal-security; urgency=medium
* SECURITY UPDATE: out-of-bounds reads
- debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
input image width and length parameters when only cropped image sections
are rotated in tiffcrop.c.
- CVE-2023-0795
- CVE-2023-0796
- CVE-2023-0797
- CVE-2023-0798
- CVE-2023-0799
* SECURITY UPDATE: out-of-bounds writes
- debian/patches/CVE-2023-0800.patch: added check for assumption on
composite images in tiffcrop.c.
- CVE-2023-0800
- CVE-2023-0801
- CVE-2023-0802
- CVE-2023-0803
- CVE-2023-0804
-- Fabian Toepfer <email address hidden> Fri, 03 Mar 2023 17:20:24 +0100
Available diffs
tiff (4.3.0-6ubuntu0.4) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bounds reads
- debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
input image width and length parameters when only cropped image sections
are rotated in tiffcrop.c.
- CVE-2023-0795
- CVE-2023-0796
- CVE-2023-0797
- CVE-2023-0798
- CVE-2023-0799
* SECURITY UPDATE: out-of-bounds writes
- debian/patches/CVE-2023-0800.patch: added check for assumption on
composite images in tiffcrop.c.
- CVE-2023-0800
- CVE-2023-0801
- CVE-2023-0802
- CVE-2023-0803
- CVE-2023-0804
-- Fabian Toepfer <email address hidden> Fri, 03 Mar 2023 17:17:55 +0100
Available diffs
tiff (4.4.0-4ubuntu3.3) kinetic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds reads
- debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
input image width and length parameters when only cropped image sections
are rotated in tiffcrop.c.
- CVE-2023-0795
- CVE-2023-0796
- CVE-2023-0797
- CVE-2023-0798
- CVE-2023-0799
* SECURITY UPDATE: out-of-bounds writes
- debian/patches/CVE-2023-0800.patch: added check for assumption on
composite images in tiffcrop.c.
- CVE-2023-0800
- CVE-2023-0801
- CVE-2023-0802
- CVE-2023-0803
- CVE-2023-0804
-- Fabian Toepfer <email address hidden> Fri, 03 Mar 2023 16:44:34 +0100
Available diffs
tiff (4.5.0-4ubuntu1) lunar; urgency=medium
* Merge from Debian unstable. Remaining differences:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
Available diffs
tiff (4.4.0-4ubuntu3.2) kinetic-security; urgency=critical
* Backport security fix for CVE-2022-3970, fix (unsigned) integer overflow
on strips/tiles > 2 GB in TIFFReadRGBATileExt() (closes: #1024737).
-- Rico Tzschichholz <email address hidden> Wed, 30 Nov 2022 16:24:00 +0100
Available diffs
tiff (4.3.0-6ubuntu0.3) jammy-security; urgency=medium
* SECURITY UPDATE: unsigned integer overflow
- debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
TIFFReadRGBATile function in libtiff/tif_getimage.c.
- CVE-2022-3970
-- David Fernandez Gonzalez <email address hidden> Thu, 01 Dec 2022 10:12:53 +0100
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.7) focal-security; urgency=medium
* SECURITY UPDATE: unsigned integer overflow
- debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
TIFFReadRGBATile function in libtiff/tif_getimage.c.
- CVE-2022-3970
-- David Fernandez Gonzalez <email address hidden> Thu, 01 Dec 2022 11:00:12 +0100
Available diffs
tiff (4.0.9-5ubuntu0.9) bionic-security; urgency=medium
* SECURITY UPDATE: unsigned integer overflow
- debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
TIFFReadRGBATile function in libtiff/tif_getimage.c.
- CVE-2022-3970
-- David Fernandez Gonzalez <email address hidden> Thu, 01 Dec 2022 10:22:37 +0100
Available diffs
tiff (4.4.0-6ubuntu1) lunar; urgency=critical
* Merge from Debian unstable. Remaining differences:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
Available diffs
- diff from 4.4.0-4ubuntu3 to 4.4.0-6ubuntu1 (13.3 KiB)
- diff from 4.4.0-5ubuntu2 to 4.4.0-6ubuntu1 (4.9 KiB)
| Superseded in lunar-proposed |
tiff (4.4.0-5ubuntu2) lunar; urgency=medium * Update symbols file for i386 where we build without LERC
Available diffs
- diff from 4.4.0-5ubuntu1 to 4.4.0-5ubuntu2 (508 bytes)
| Superseded in lunar-proposed |
tiff (4.4.0-5ubuntu1) lunar; urgency=medium
* Merge from Debian unstable (LP #1997278). Remaining differences:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
- Add CVE-2022-2519_2520_2521_2953.patch (Closes: #1024670)
* Use Debian's patches for the fixes for the other recent CVEs
Available diffs
tiff (4.4.0-4ubuntu3.1) kinetic-security; urgency=medium
* SECURITY UPDATE: heap-overflow and double free in tiffcrop
- debian/patches/CVE-2022-2519_2520_2521_2953.patch: Add checks and ends
tiffcrop if -S arguments are not mutually exclusive.
- CVE-2022-2519
- CVE-2022-2520
- CVE-2022-2521
- CVE-2022-2953
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: out-of-bound write in tif_unix
- debian/patches/CVE-2022-3626_3627.patch: disable incompatibility of -Z,
-X, -Y, -z options with any PAGE_MODE_x option
- CVE-2022-3626
- CVE-2022-3627
-- Nishit Majithia <email address hidden> Wed, 02 Nov 2022 14:13:19 +0530
Available diffs
tiff (4.3.0-6ubuntu0.2) jammy-security; urgency=medium
* SECURITY UPDATE: out-of-bound read/write in tiffcrop
- debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
correcting uint32_t underflow
- CVE-2022-2867
- CVE-2022-2868
- CVE-2022-2869
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: stack overflow in _TIFFVGetField
- debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
return FALSE when passed a codec-specific tag and the codec is not
configured
- CVE-2022-34526
-- Nishit Majithia <email address hidden> Wed, 02 Nov 2022 13:55:08 +0530
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: out-of-bound read/write in tiffcrop
- debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
correcting uint32_t underflow
- CVE-2022-2867
- CVE-2022-2868
- CVE-2022-2869
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: stack overflow in _TIFFVGetField
- debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
return FALSE when passed a codec-specific tag and the codec is not
configured
- CVE-2022-34526
-- Nishit Majithia <email address hidden> Tue, 01 Nov 2022 20:55:02 +0530
Available diffs
tiff (4.0.9-5ubuntu0.8) bionic-security; urgency=medium
* SECURITY UPDATE: out-of-bound read/write in tiffcrop
- debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
correcting uint32_t underflow
- CVE-2022-2867
- CVE-2022-2868
- CVE-2022-2869
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: stack overflow in _TIFFVGetField
- debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
return FALSE when passed a codec-specific tag and the codec is not
configured
- CVE-2022-34526
-- Nishit Majithia <email address hidden> Tue, 01 Nov 2022 20:45:49 +0530
Available diffs
tiff (4.3.0-6ubuntu0.1) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overflow issue in tiffinfo tool
- debian/patches/CVE-2022-1354.patch: TIFFReadDirectory: fix OJPEG hack
- CVE-2022-1354
* SECURITY UPDATE: buffer overflow issue in tiffcp tool
- debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
"mode" string.
- CVE-2022-1355
* SECURITY UPDATE: Divide By Zero error in tiffcrop
- debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
- CVE-2022-2056
- CVE-2022-2057
- CVE-2022-2058
-- Nishit Majithia <email address hidden> Fri, 19 Sep 2022 19:24:29 +0530
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow issue in tiffinfo tool
- debian/patches/CVE-2022-1354.patch: TIFFReadDirectory: fix OJPEG hack
- CVE-2022-1354
* SECURITY UPDATE: buffer overflow issue in tiffcp tool
- debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
"mode" string.
- CVE-2022-1355
* SECURITY UPDATE: Divide By Zero error in tiffcrop
- debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
- CVE-2022-2056
- CVE-2022-2057
- CVE-2022-2058
-- Nishit Majithia <email address hidden> Fri, 19 Sep 2022 19:19:45 +0530
Available diffs
tiff (4.0.9-5ubuntu0.7) bionic-security; urgency=medium
* SECURITY UPDATE: out-of-bounds read error in tiffcrop
- debian/patches/CVE-2020-19131.patch: fix invertImage() for bps 2 and 4.
- CVE-2020-19131
* SECURITY UPDATE: out-of-bounds read error when executing LogLuv
compression routines
- debian/patches/CVE-2020-19144.patch: LogLuvSetupEncode() error must
return 0.
- CVE-2020-19144
* SECURITY UPDATE: buffer overflow issue in tiffcp tool
- debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
"mode" string.
- CVE-2022-1355
* SECURITY UPDATE: Divide By Zero error in tiffcrop
- debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
- CVE-2022-2056
- CVE-2022-2057
- CVE-2022-2058
-- Nishit Majithia <email address hidden> Fri, 16 Sep 2022 19:12:06 +0530
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.4) focal-security; urgency=medium
* SECURITY UPDATE: NULL Pointer Dereference
- debian/patches/CVE-2022-0907.patch: add checks for return value of
limitMalloc in tools/tiffcrop.c.
- debian/patches/CVE-2022-0908.patch: avoid
calling memcpy() with a null source pointer and size of zero in
libtiff/tif_dirread.c.
- CVE-2022-0907
- CVE-2022-0908
* SECURITY UPPDATE: floating point exception
- debian/patches/CVE-2022-0909.patch: fix the FPE in tiffcrop by
checking if variable is Nan in libtiff/tif_dir.c.
- CVE-2022-0909
* SECURITY UPDATE: heap buffer overflow in cpContigBufToSeparateBuf
- debian/patches/CVE-2022-0924.patch: fix heap buffer overflow in
tools/tiffcp.c.
- CVE-2022-0924
* SECURITY UPDATE: out-of-bounds with custom tag
- debian/patches/CVE-2022-22844.patch: fix global-buffer-overflow
for ASCII tags where count is required in tools/tiffset.c.
- CVE-2022-22844
-- David Fernandez Gonzalez <email address hidden> Wed, 07 Sep 2022 11:01:17 +0200
Available diffs
tiff (4.0.9-5ubuntu0.6) bionic-security; urgency=medium
* SECURITY UPDATE: NULL Pointer Dereference
- debian/patches/CVE-2022-0907.patch: add checks for return value of
limitMalloc in tools/tiffcrop.c.
- debian/patches/CVE-2022-0908.patch: avoid
calling memcpy() with a null source pointer and size of zero in
libtiff/tif_dirread.c.
- CVE-2022-0907
- CVE-2022-0908
* SECURITY UPPDATE: floating point exception
- debian/patches/CVE-2022-0909.patch: fix the FPE in tiffcrop by
checking if variable is Nan in libtiff/tif_dir.c.
- CVE-2022-0909
* SECURITY UPDATE: heap buffer overflow in cpContigBufToSeparateBuf
- debian/patches/CVE-2022-0924.patch: fix heap buffer overflow in
tools/tiffcp.c.
- CVE-2022-0924
* SECURITY UPDATE: out-of-bounds with custom tag
- debian/patches/CVE-2022-22844.patch: fix global-buffer-overflow
for ASCII tags where count is required in tools/tiffset.c.
- CVE-2022-22844
-- David Fernandez Gonzalez <email address hidden> Thu, 08 Sep 2022 17:07:14 +0200
Available diffs
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
tiff (4.4.0-4ubuntu3) kinetic; urgency=medium * Don't build with LERC on i386 because it requires numpy (Closes: #1017958) -- Jeremy Bicha <email address hidden> Tue, 23 Aug 2022 11:30:38 -0400
Available diffs
- diff from 4.4.0-4ubuntu1 to 4.4.0-4ubuntu3 (905 bytes)
- diff from 4.4.0-4ubuntu2 to 4.4.0-4ubuntu3 (759 bytes)
| Superseded in kinetic-proposed |
tiff (4.4.0-4ubuntu2) kinetic; urgency=medium
* Drop this delta as the MIR (LP #1977551) was approved (this package
can be a sync now):
- d/control, d/libtiff5.symbols: drop liblerc-dev build-dependency and
the TIFFInitLERC symbol since that library is in universe and tiff
is in main (LP #1984327)
-- Andreas Hasenack <email address hidden> Thu, 18 Aug 2022 10:19:04 -0300
Available diffs
- diff from 4.4.0-4ubuntu1 to 4.4.0-4ubuntu2 (812 bytes)
tiff (4.4.0-4ubuntu1) kinetic; urgency=medium
* d/control, d/libtiff5.symbols: drop liblerc-dev build-dependency and
the TIFFInitLERC symbol since that library is in universe and tiff
is in main (LP: #1984327)
-- Andreas Hasenack <email address hidden> Wed, 10 Aug 2022 15:40:59 -0300
Available diffs
tiff (4.4.0-4) unstable; urgency=high
* Backport security fix for CVE-2022-34526, denial of service via a crafted
TIFF file.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 06 Aug 2022 15:19:15 +0200
Available diffs
- diff from 4.4.0-3 to 4.4.0-4 (947 bytes)
tiff (4.4.0-3) unstable; urgency=high
* Backport security fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058,
divide by zero error in tiffcrop (closes: #1014494).
* Update libtiff5 symbols.
-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 08 Jul 2022 19:02:43 +0200
Available diffs
- diff from 4.4.0-2 to 4.4.0-3 (2.4 KiB)
tiff (4.4.0-2) unstable; urgency=medium * Adjust library symbols with LERC build architectures. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 30 May 2022 18:04:05 +0200
Available diffs
- diff from 4.4.0-1 to 4.4.0-2 (459 bytes)
tiff (4.4.0-1) unstable; urgency=medium * New upstream release. * Backport upstream fix for adding 4.4.0 changes file to documentation. * Build with LERC compression support (closes: #990789). * Update libtiff5 symbols. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 29 May 2022 12:28:49 +0200
Available diffs
- diff from 4.4.0~rc1-1 to 4.4.0-1 (1.4 KiB)
tiff (4.4.0~rc1-1) unstable; urgency=medium * New upstream release candidate version. * Update libtiff5 symbols. * Update watch file. -- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 21 May 2022 15:41:44 +0200
Available diffs
- diff from 4.3.0-7 to 4.4.0~rc1-1 (613.8 KiB)
- diff from 4.3.0-8 to 4.4.0~rc1-1 (614.1 KiB)
tiff (4.3.0-8) unstable; urgency=high
* Backport correct security fix for CVE-2022-1355, stack buffer overflow in
"mode" string (closes: #1011160).
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 17 May 2022 21:38:14 +0200
Available diffs
- diff from 4.3.0-7 to 4.3.0-8 (3.1 KiB)
tiff (4.3.0-1ubuntu0.1) impish-security; urgency=medium
* SECURITY UPDATE: null pointer in TIFFReadDirectory
- debian/patches/CVE-2022-0561.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0561
* SECURITY UPDATE: null pointer in TIFFFetchStripThing
- debian/patches/CVE-2022-0562.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0562
* SECURITY UPDATE: denial of service through assertion failure.
- debian/patches/CVE-2022-0865.patch: reset flags to initial state
when file has multiple IFD and when bit reversal is needed in
libtiff/tif_jbig.c.
- CVE-2022-0865
* SECURITY UPDATE: heap buffer overflow in ExtractImageSection
- debian/patches/CVE-2022-0891.patch: correct wrong formula for
image row size calculation in tools/tiffcrop.c.
- CVE-2022-0891
-- David Fernandez Gonzalez <email address hidden> Wed, 11 May 2022 17:07:59 +0200
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.04.3) focal-security; urgency=medium
* SECURITY UPDATE: malloc failure in TIFF2RGBA tool
- debian/patches/CVE-2020-35522.patch: enforce (configurable) memory
limit in tools/tiff2rgba.c.
- CVE-2020-35522
* SECURITY UPDATE: null pointer in TIFFReadDirectory
- debian/patches/CVE-2022-0561.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0561
* SECURITY UPDATE: null pointer in TIFFFetchStripThing
- debian/patches/CVE-2022-0562.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0562
* SECURITY UPDATE: denial of service through assertion failure.
- debian/patches/CVE-2022-0865.patch: reset flags to initial state
when file has multiple IFD and when bit reversal is needed in
libtiff/tif_jbig.c.
- CVE-2022-0865
* SECURITY UPDATE: heap buffer overflow in ExtractImageSection
- debian/patches/CVE-2022-0891.patch: correct wrong formula for
image row size calculation in tools/tiffcrop.c.
- CVE-2022-0891
-- David Fernandez Gonzalez <email address hidden> Thu, 12 May 2022 17:05:25 +0200
Available diffs
tiff (4.0.9-5ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: malloc failure in TIFF2RGBA tool
- debian/patches/CVE-2020-35522.patch: enforce (configurable) memory
limit in tools/tiff2rgba.c.
- CVE-2020-35522
* SECURITY UPDATE: null pointer in TIFFReadDirectory
- debian/patches/CVE-2022-0561.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0561
* SECURITY UPDATE: null pointer in TIFFFetchStripThing
- debian/patches/CVE-2022-0562.patch: add sanity check to ensure
pointer provided to memcpy is not null in libtiff/tif_dirread.c.
- CVE-2022-0562
* SECURITY UPDATE: denial of service through assertion failure.
- debian/patches/CVE-2022-0865.patch: reset flags to initial state
when file has multiple IFD and when bit reversal is needed in
libtiff/tif_jbig.c.
- CVE-2022-0865
* SECURITY UPDATE: heap buffer overflow in ExtractImageSection
- debian/patches/CVE-2022-0891.patch: correct wrong formula for
image row size calculation in tools/tiffcrop.c.
- CVE-2022-0891
-- David Fernandez Gonzalez <email address hidden> Wed, 11 May 2022 17:09:42 +0200
Available diffs
tiff (4.3.0-7) unstable; urgency=high
* Backport security fix for CVE-2022-1354, heap buffer overflow in
TIFFReadRawDataStriped().
* Fix segmentation fault printing GPS directory if Altitude tag is present.
* Fix segmentation fault due to field_name=NULL.
* Backport security fix for CVE-2022-1355, stack buffer overflow in "mode"
string.
* Update libtiff5 symbols.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 25 Apr 2022 22:24:06 +0200
Available diffs
- diff from 4.3.0-6 to 4.3.0-7 (6.6 KiB)
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
tiff (4.3.0-6) unstable; urgency=high
* Backport security fix for CVE-2022-0908, null source pointer passed as an
argument to memcpy() function within TIFFFetchNormalTag().
* Backport security fix for CVE-2022-0907, unchecked return value to null
pointer dereference in tiffcrop.
* Backport security fix for CVE-2022-0909, divide by zero error in
tiffcrop.
* Backport security fix for CVE-2022-0891, heap buffer overflow in
ExtractImageSection function in tiffcrop.
* Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 13 Mar 2022 11:00:15 +0100
Available diffs
- diff from 4.3.0-5 to 4.3.0-6 (5.1 KiB)
tiff (4.3.0-5) unstable; urgency=high
* Backport security fix for CVE-2022-0865, crash when reading a file with
multiple IFD in memory-mapped mode and when bit reversal is needed.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 07 Mar 2022 22:23:21 +0100
Available diffs
- diff from 4.3.0-4 to 4.3.0-5 (1.0 KiB)
tiff (4.3.0-4) unstable; urgency=high
* Backport security fix for CVE-2022-0561, TIFFFetchStripThing(): avoid
calling memcpy() with a null source pointer and size of zero.
* Backport security fix for CVE-2022-0562, TIFFReadDirectory(): avoid
calling memcpy() with a null source pointer and size of zero.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 12 Feb 2022 21:21:45 +0100
Available diffs
tiff (4.3.0-3build1) jammy; urgency=medium * No-change rebuild against latest libwebp -- Jeremy Bicha <email address hidden> Tue, 01 Feb 2022 09:03:53 -0500
Available diffs
- diff from 4.3.0-3 (in Debian) to 4.3.0-3build1 (346 bytes)
tiff (4.3.0-3) unstable; urgency=high
* Backport security fix for CVE-2022-22844: global-buffer-overflow for
ASCII tags where count is required.
[ Helmut Grohne <email address hidden> ]
* Drop unused Build-Depends: libxmu-dev (closes: #981265).
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 26 Jan 2022 17:49:14 +0100
Available diffs
- diff from 4.3.0-2 to 4.3.0-3 (1.4 KiB)
tiff (4.1.0+git191117-2ubuntu0.20.04.2) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow via TIFFTAG_PREDICTOR
- debian/patches/CVE-2020-19143.patch: TIFFTAG_PREDICTOR is not
supported for WebP in libtiff/tif_dirinfo.c, tools/tiffcp.c.
- CVE-2020-19143
-- Marc Deslauriers <email address hidden> Fri, 17 Sep 2021 09:14:04 -0400
Available diffs
tiff (4.3.0-2) unstable; urgency=medium * Upload to Sid. -- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 05 Sep 2021 19:25:09 +0200
Available diffs
- diff from 4.3.0-1 to 4.3.0-2 (295 bytes)
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
tiff (4.3.0-1) experimental; urgency=medium
* New upstream release.
* Remove libport_dummy_function@LIBTIFF_4.0 symbol as no longer part of
the libraries.
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 01 Jun 2021 08:19:06 +0200
Available diffs
- diff from 4.2.0-1build1 (in Ubuntu) to 4.3.0-1 (416.6 KiB)
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: Moved to hirsute) |
tiff (4.2.0-1build1) hirsute; urgency=medium * No-change rebuild to build with lto. -- Matthias Klose <email address hidden> Sun, 28 Mar 2021 09:10:31 +0200
Available diffs
- diff from 4.2.0-1 (in Debian) to 4.2.0-1build1 (301 bytes)
tiff (4.1.0+git191117-2ubuntu0.20.04.1) focal-security; urgency=medium
* SECURITY UPDATE: Integer overflow in tif_getimage.c
- debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
libtiff/tif_getimage.c.
- CVE-2020-35523
* SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
- debian/patches/CVE-2020-35524.patch: properly calculate datasize when
saving to JPEG YCbCr in tools/tiff2pdf.c.
- CVE-2020-35524
-- Marc Deslauriers <email address hidden> Thu, 25 Feb 2021 07:36:40 -0500
Available diffs
tiff (4.1.0+git191117-2ubuntu0.20.10.1) groovy-security; urgency=medium
* SECURITY UPDATE: Integer overflow in tif_getimage.c
- debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
libtiff/tif_getimage.c.
- CVE-2020-35523
* SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
- debian/patches/CVE-2020-35524.patch: properly calculate datasize when
saving to JPEG YCbCr in tools/tiff2pdf.c.
- CVE-2020-35524
-- Marc Deslauriers <email address hidden> Thu, 25 Feb 2021 07:34:24 -0500
Available diffs
tiff (4.0.9-5ubuntu0.4) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflow in tif_getimage.c
- debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
libtiff/tif_getimage.c.
- CVE-2020-35523
* SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
- debian/patches/CVE-2020-35524.patch: properly calculate datasize when
saving to JPEG YCbCr in tools/tiff2pdf.c.
- CVE-2020-35524
-- Marc Deslauriers <email address hidden> Thu, 25 Feb 2021 07:37:14 -0500
Available diffs
tiff (4.0.6-1ubuntu0.8) xenial-security; urgency=medium
* SECURITY UPDATE: Integer overflow in tif_getimage.c
- debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
libtiff/tif_getimage.c.
- CVE-2020-35523
* SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
- debian/patches/CVE-2020-35524.patch: properly calculate datasize when
saving to JPEG YCbCr in tools/tiff2pdf.c.
- CVE-2020-35524
-- Marc Deslauriers <email address hidden> Thu, 25 Feb 2021 07:38:05 -0500
Available diffs
tiff (4.2.0-1) unstable; urgency=medium * New upstream release. -- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 21 Dec 2020 15:06:46 +0100
Available diffs
tiff (4.1.0+git201212-1ubuntu1) hirsute; urgency=medium
* Don't build deflate, package is in universe, and it likely
will be a while before a MIR is filed and processed ...
This makes libtiff5 installable again.
-- Matthias Klose <email address hidden> Wed, 16 Dec 2020 18:21:44 +0100
Available diffs
| 1 → 75 of 280 results | First • Previous • Next • Last |
