tiff (4.5.1+git230720-1ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2023-6228.patch: add check for codec configuration
      in tools/tiffcp.c.
    - CVE-2023-6228
  * SECURITY UPDATE: memory exhaustion
    - debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
      memory being greater than filesize in libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-2.patch: add an extra check for above
      condition, to only do it for a defined large request in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
      it for a defined large request in more methods in libtiff/tif_dirread.c.
    - CVE-2023-6277
  * SECURITY UPDATE: segmentation fault
    - debian/patches/CVE-2023-52356.patch: add row and column check based
      on image sizes in libtiff/tif_getimage.c.
    - CVE-2023-52356

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 09 Feb 2024 18:47:50 -0300
tiff (4.5.1+git230720-1ubuntu1) mantic; urgency=medium

  * Merge with Debian. Remaining change:
    - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)

tiff (4.5.1+git230720-1) unstable; urgency=medium

  * Git snapshot, fixing the following security issues:
    - fix TransferFunction writing of only two transfer functions,
    - TIFFReadDirectory(): fix crash when reading tag TIFFTAG_EP_BATTERYLEVEL,
    - WebP decoder: validate WebP blob width, height, band count against
      TIFF parameters,
    - TIFFReadDirectoryCheckOrder(): avoid integer overflow,
    - tiffcp: fix memory corruption (overflow) on hostile images,
    - raw2tiff: fix integer overflow and bypass of the check.

tiff (4.5.1-1) unstable; urgency=medium

  * New upstream release.

 -- Jeremy Bícha <email address hidden>  Thu, 17 Aug 2023 09:38:15 -0400
tiff (4.5.0-6ubuntu1) mantic; urgency=medium

  * Merge from Debian unstable (LP: #2020707). Remaining changes:
    - Don't build with LERC on i386 because it requires numpy
      (Closes: #1017958)

tiff (4.5.0-6) unstable; urgency=high

  * Backport security fix for CVE-2023-2731, NULL pointer dereference flaw in
    LZWDecode() (closes: #1036282).

 -- Amin Bandali <email address hidden>  Wed, 24 May 2023 16:13:57 -0400
tiff (4.5.0-5ubuntu1) lunar; urgency=high

  * Merge from Debian unstable. Remaining differences:
    - Don't build with LERC on i386 because it requires numpy
      (Closes: #1017958, LP: #2012540)

tiff (4.5.0-5) unstable; urgency=high

  * Backport fix for tiffcrop to correctly update buffersize after
    rotateImage().
  * Backport fix for TIFFClose() to avoid NULL pointer dereferencing.
  * Backport security fix for CVE-2023-0800, CVE-2023-0801, CVE-2023-0802,
    CVE-2023-0803 and CVE-2023-0804: an out-of-bounds write in tiffcrop
    allows attackers to cause a denial-of-service via a crafted TIFF file.
  * Backport security fix for CVE-2023-0795, CVE-2023-0796, CVE-2023-0797,
    CVE-2023-0798 and CVE-2023-0799: an out-of-bounds read in tiffcrop allows
    attackers to cause a denial-of-service via a crafted TIFF file.

 -- Nathan Pratta Teodosio <email address hidden>  Fri, 24 Mar 2023 11:13:09 +0100