-
tiff (4.0.6-1ubuntu0.8) xenial-security; urgency=medium
* SECURITY UPDATE: Integer overflow in tif_getimage.c
- debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
libtiff/tif_getimage.c.
- CVE-2020-35523
* SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
- debian/patches/CVE-2020-35524.patch: properly calculate datasize when
saving to JPEG YCbCr in tools/tiff2pdf.c.
- CVE-2020-35524
-- Marc Deslauriers <email address hidden> Thu, 25 Feb 2021 07:38:05 -0500
-
tiff (4.0.6-1ubuntu0.7) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect integer overflow checks
- debian/patches/CVE-2019-14973.patch: fix implementation-defined
behaviour in libtiff/tif_aux.c, libtiff/tif_getimage.c,
libtiff/tif_luv.c, libtiff/tif_pixarlog.c, libtiff/tif_read.c,
libtiff/tif_strip.c, libtiff/tif_tile.c, libtiff/tiffiop.h.
- debian/libtiff5.symbols: added new symbols.
- CVE-2019-14973
* SECURITY UPDATE: heap-based buffer overflow via crafted RGBA image
- debian/patches/CVE-2019-17546.patch: fix integer overflow in
libtiff/tif_getimage.c.
- CVE-2019-17546
-- Marc Deslauriers <email address hidden> Wed, 16 Oct 2019 09:57:14 -0400
-
tiff (4.0.6-1ubuntu0.6) xenial-security; urgency=medium
* SECURITY UPDATE: heap over-read in TIFFWriteScanline
- debian/patches/CVE-2018-10779.patch: fix overflow in
libtiff/tif_write.c.
- CVE-2018-10779
* SECURITY UPDATE: heap over-read in cpSeparateBufToContigBuf
- debian/patches/CVE-2018-12900-1.patch: check for overflow in
tools/tiffcp.c.
- debian/patches/CVE-2018-12900-2.patch: use INT_MAX in tools/tiffcp.c.
- CVE-2018-12900
- CVE-2019-7663
* SECURITY UPDATE: NULL pointer dereference in _TIFFmemcmp
- debian/patches/CVE-2018-17000.patch: add NULL check in
libtiff/tif_dirwrite.c.
- CVE-2018-17000
* SECURITY UPDATE: NULL pointer dereference in TIFFWriteDirectorySec
- debian/patches/CVE-2018-19210-1.patch: unset transferfunction field
if necessary in libtiff/tif_dir.c.
- debian/patches/CVE-2018-19210-2.patch: fix warning in
libtiff/tif_dir.c.
- CVE-2018-19210
* SECURITY UPDATE: memory leak in TIFFFdOpen
- debian/patches/CVE-2019-6128.patch: properly handle errors in
tools/pal2rgb.c.
- CVE-2019-6128
-- Marc Deslauriers <email address hidden> Mon, 11 Mar 2019 12:50:36 -0400
-
tiff (4.0.6-1ubuntu0.5) xenial-security; urgency=medium
* SECURITY UPDATE: NULL dereference in TIFFPrintDirectory
- debian/patches/CVE-2018-7456.patch: properly handle color channels in
libtiff/tif_dirread.c, libtiff/tif_print.c.
- CVE-2018-7456
* SECURITY UPDATE: buffer overflow in LZWDecodeCompat
- debian/patches/CVE-2018-8905.patch: fix logic in libtiff/tif_lzw.c.
- CVE-2018-8905
* SECURITY UPDATE: DoS in TIFFWriteDirectorySec()
- debian/patches/CVE-2018-10963.patch: avoid assertion in
libtiff/tif_dirwrite.c.
- CVE-2018-10963
* SECURITY UPDATE: multiple overflows
- debian/patches/CVE-2018-1710x.patch: Avoid overflows in
tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
- CVE-2018-17100
- CVE-2018-17101
* SECURITY UPDATE: JBIGDecode out-of-bounds write
- debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c,
libtiff/tif_read.c.
- CVE-2018-18557
* SECURITY UPDATE: NULL pointer dereference in LZWDecode
- debian/patches/CVE-2018-18661.patch: add checks to tools/tiff2bw.c.
- CVE-2018-18661
-- Marc Deslauriers <email address hidden> Thu, 17 Jan 2019 09:21:11 -0500
-
tiff (4.0.6-1ubuntu0.4) xenial-security; urgency=medium
* SECURITY UPDATE: buffer overflow in gif2tiff
- debian/patches/CVE-2016-3186.patch: check return code in
tools/gif2tiff.c.
- CVE-2016-3186
* SECURITY UPDATE: buffer overflow in gif2tiff
- debian/patches/CVE-2016-5102.patch: make warning fatal in
tools/gif2tiff.c.
- CVE-2016-5102
* SECURITY UPDATE: multiple overflows
- debian/patches/CVE-2016-5318.patch: ignore certain fields in
libtiff/tif_dir.h, libtiff/tif_dirinfo.c, libtiff/tif_dirread.c.
- CVE-2016-5318
- CVE-2017-9147
* SECURITY UPDATE: bmp2tiff issues
- debian/patches/CVE-2017-5563_9117.patch: add check to
tools/bmp2tiff.c.
- CVE-2017-5563
- CVE-2017-9117
* SECURITY UPDATE: heap-based buffer overflow in t2p_write_pdf
- debian/patches/CVE-2017-9935-1.patch: fix transfer function handling
in libtiff/tif_dir.c, tools/tiff2pdf.c.
- debian/patches/CVE-2017-9935-2.patch: fix incorrect type for transfer
table in tools/tiff2pdf.c.
- CVE-2017-9935
* SECURITY UPDATE: DoS in TIFFOpen
- debian/patches/CVE-2017-11613-1.patch: avoid memory exhaustion in
libtiff/tif_dirread.c.
- debian/patches/CVE-2017-11613-2.patch: rework fix in
libtiff/tif_dirread.c.
- CVE-2017-11613
* SECURITY UPDATE: TIFFSetupStrips heap overflow in pal2rgb
- debian/patches/CVE-2017-17095.patch: add workaround to
tools/pal2rgb.c.
- CVE-2017-17095
-- Marc Deslauriers <email address hidden> Thu, 22 Mar 2018 10:16:37 -0400
-
tiff (4.0.6-1ubuntu0.3) xenial-security; urgency=medium
* SECURITY UPDATE: DoS in tif_read.c
- debian/patches/CVE-2016-10266.patch: fix uint32 overflow in
libtiff/tif_read.c, libtiff/tiffiop.h.
- CVE-2016-10266
* SECURITY UPDATE: DoS in tif_ojpeg.c
- debian/patches/CVE-2016-10267.patch: make OJPEGDecode() early exit in
case of failure in libtiff/tif_ojpeg.c.
- CVE-2016-10267
* SECURITY UPDATE: DoS in tif_unix.c
- debian/patches/CVE-2016-10268.patch: avoid uint32 underflow in
cpDecodedStrips in tools/tiffcp.c.
- CVE-2016-10268
* SECURITY UPDATE: DoS in tif_unix.c
- debian/patches/CVE-2016-10269.patch: fix heap-based buffer overflow
in libtiff/tif_luv.c, libtiff/tif_pixarlog.c.
- CVE-2016-10269
* SECURITY UPDATE: DoS in TIFFWriteDirectoryTagCheckedRational
- debian/patches/CVE-2016-10371.patch: replace assertion by runtime
check in libtiff/tif_dirwrite.c, tools/tiffcrop.c.
- CVE-2016-10371
* SECURITY UPDATE: DoS in putagreytile function
- debian/patches/CVE-2017-7592.patch: add explicit uint32 cast in
libtiff/tif_getimage.c.
- CVE-2017-7592
* SECURITY UPDATE: information disclosure in tif_read.c
- debian/patches/CVE-2017-7593.patch: use _TIFFcalloc() to zero in
libtiff/tif_read.c, libtiff/tif_unix.c, libtiff/tif_vms.c,
libtiff/tif_win32.c, libtiff/tiffio.h.
- CVE-2017-7593
* SECURITY UPDATE: DoS in OJPEGReadHeaderInfoSecTablesDcTable
- debian/patches/CVE-2017-7594-1.patch: fix leak in
libtiff/tif_ojpeg.c.
- debian/patches/CVE-2017-7594-2.patch: fix another leak in
libtiff/tif_ojpeg.c.
- CVE-2017-7594
* SECURITY UPDATE: DoS in JPEGSetupEncode
- debian/patches/CVE-2017-7595.patch: avoid integer division by zero in
libtiff/tif_jpeg.c.
- CVE-2017-7595
* SECURITY UPDATE: DoS via undefined behaviour
- debian/patches/CVE-2017-7596_7597_7599_7600.patch: avoid undefined
behaviour in libtiff/tif_dir.c, libtiff/tif_dirread.c,
libtiff/tif_dirwrite.c.
- CVE-2017-7596
- CVE-2017-7597
- CVE-2017-7599
- CVE-2017-7600
* SECURITY UPDATE: DoS via divide-by-zero
- debian/patches/CVE-2017-7598.patch: avoid division by floating point
0 in libtiff/tif_dirread.c.
- CVE-2017-7598
* SECURITY UPDATE: DoS via undefined behaviour
- debian/patches/CVE-2017-7601.patch: validate BitsPerSample in
libtiff/tif_jpeg.c.
- CVE-2017-7601
* SECURITY UPDATE: signed integer overflow
- debian/patches/CVE-2017-7602.patch: avoid potential undefined
behaviour in libtiff/tif_read.c.
- CVE-2017-7602
* SECURITY UPDATE: DoS via memory leak
- debian/patches/CVE-2017-9403_9815.patch: fix memory leak in
libtiff/tif_dirread.c, tools/tiff2ps.c.
- CVE-2017-9403
- CVE-2017-9815
* SECURITY UPDATE: DoS via memory leak
- debian/patches/CVE-2017-9404.patch: fix potential memory leak in
libtiff/tif_ojpeg.c.
- CVE-2017-9404
* SECURITY UPDATE: DoS via memory leak
- debian/patches/CVE-2017-9936.patch: fix memory leak in
libtiff/tif_jbig.c.
- CVE-2017-9936
* SECURITY UPDATE: DoS via assertion
- debian/patches/CVE-2017-10688.patch: replace assertion in
libtiff/tif_dirwrite.c.
- CVE-2017-10688
* SECURITY UPDATE: heap overflow in tiff2pdf.c
- debian/patches/CVE-2017-11335.patch: prevent heap buffer overflow
write in tools/tiff2pdf.c.
- CVE-2017-11335
* SECURITY UPDATE: DoS in TIFFReadDirEntryArray
- debian/patches/CVE-2017-12944.patch: add protection against excessive
memory allocation attempts in libtiff/tif_dirread.c.
- CVE-2017-12944
* SECURITY UPDATE: DoS via assertion
- debian/patches/CVE-2017-13726.patch: replace assertion in
libtiff/tif_dirwrite.c.
- CVE-2017-13726
* SECURITY UPDATE: DoS via assertion
- debian/patches/CVE-2017-13727.patch: replace assertion in
libtiff/tif_dirwrite.c.
- CVE-2017-13727
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
libtiff/tif_print.c.
- CVE-2017-18013
* SECURITY UPDATE: DoS via resource consumption
- debian/patches/CVE-2018-5784.patch: fix infinite loop in
contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
- CVE-2018-5784
-- Marc Deslauriers <email address hidden> Tue, 20 Mar 2018 08:00:42 -0400
-
tiff (4.0.6-1ubuntu0.2) xenial-security; urgency=medium
* SECURITY REGRESSION: JPEG tiff read and write issue due to misapplied
patches (LP: #1670036)
- debian/patches/CVE-2016-9297_and_CVE-2016-9448_correct.patch: replace
two previous patches with one that applies fix to correct location.
- Thanks to John Cupitt and Even Rouault
-- Marc Deslauriers <email address hidden> Mon, 29 May 2017 07:33:56 -0400
-
tiff (4.0.6-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: DoS via crafted field data in an extension tag
- debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
- CVE-2015-7554
* SECURITY UPDATE: DoS and possible code execution via large width field
in a BMP image
- debian/patches/CVE-2015-8668.patch: properly calculate size in
tools/bmp2tiff.c.
- CVE-2015-8668
* SECURITY UPDATE: heap-buffer-overflow in tiffcrop
- debian/patches/CVE-2016-10092.patch: properly increment buffer in
tools/tiffcrop.c.
- CVE-2016-10092
* SECURITY UPDATE: heap-based buffer overflow in tiffcp
- debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow
in tools/tiffcp.c.
- CVE-2016-10093
* SECURITY UPDATE: off-by-one error in tiff2pdf
- debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
- CVE-2016-10094
* SECURITY UPDATE: DoS in tiff2rgba tool
- debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in
libtiff/tif_getimage.c, libtiff/tif_predict.c.
- CVE-2016-3622
* SECURITY UPDATE: DoS in rgb2ycbcr tool
- debian/patches/CVE-2016-3623.patch: validate parameters in
tools/rgb2ycbcr.c.
- CVE-2016-3623
- CVE-2016-3624
* SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
- debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
tools/thumbnail.c.
- CVE-2016-3632
- CVE-2016-8331
* SECURITY UPDATE: DoS via out-of-bounds read
- debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel
change in libtiff/tif_dir.c, avoid null pointer dereference in
libtiff/tif_dirwrite.c.
- CVE-2016-3658
* SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
- debian/patches/CVE-2016-3945.patch: fix integer overflow in
tools/tiff2rgba.c.
- CVE-2016-3945
* SECURITY UPDATE: DoS and possible code execution via overflow in
horizontalDifference8 function
- debian/patches/CVE-2016-3990.patch: add check to
libtiff/tif_pixarlog.c.
- CVE-2016-3990
* SECURITY UPDATE: DoS and possible code execution in tiffcrop
- debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
- CVE-2016-3991
- CVE-2016-5322
* SECURITY UPDATE: PixarLogDecode() out-of-bound writes
- debian/patches/CVE-2016-5314.patch: check size in
libtiff/tif_pixarlog.c.
- CVE-2016-5314
- CVE-2016-5315
- CVE-2016-5316
- CVE-2016-5317
- CVE-2016-5320
- CVE-2016-5875
* SECURITY UPDATE: DoS in DumpModeDecode function
- debian/patches/CVE-2016-5321.patch: limit number of samples in
tools/tiffcrop.c.
- CVE-2016-5321
* SECURITY UPDATE: DoS in _TIFFFax3fillruns function
- debian/patches/CVE-2016-5323.patch: limit number of samples in
tools/tiffcrop.c.
- CVE-2016-5323
* SECURITY UPDATE: DoS and possible code execution in tiff2pdf
- debian/patches/CVE-2016-5652.patch: properly handle markers in
tools/tiff2pdf.c.
- CVE-2016-5652
* SECURITY UPDATE: DoS and info disclosure via negative index
- debian/patches/CVE-2016-6223.patch: properly handle stripoffset in
libtiff/tif_read.c.
- CVE-2016-6223
* SECURITY UPDATE: DoS in tiffsplit
- debian/patches/CVE-2016-9273.patch: don't recompute value in
libtiff/tif_strip.c.
- CVE-2016-9273
* SECURITY UPDATE: DoS via crafted tag values
- debian/patches/CVE-2016-9297.patch: NULL-terminate values in
libtiff/tif_dirread.c.
- CVE-2016-9297
* SECURITY UPDATE: DoS caused by CVE-2016-9297
- debian/patches/CVE-2016-9448.patch: check for NULL in
libtiff/tif_dirread.c.
- CVE-2016-9448
* SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES
of length one
- debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
- CVE-2016-9453
* SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
- debian/patches/CVE-2016-9532.patch: check for overflows in
tools/tiffcrop.c.
- CVE-2016-9532
* SECURITY UPDATE: multiple out-of-bounds writes issues
- debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
tools/tiffcrop.c.
- CVE-2016-9533
- CVE-2016-9534
- CVE-2016-9536
- CVE-2016-9537
* SECURITY UPDATE: assertion failure via unusual tile size
- debian/patches/CVE-2016-9535-1.patch: replace assertions with
runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
- debian/patches/CVE-2016-9535-2.patch: fix memory leaks in
libtiff/tif_predict.c.
- CVE-2016-9535
* SECURITY UPDATE: integer overflow in tiffcrop
- debian/patches/CVE-2016-9538.patch: fix undefined variable reads in
tools/tiffcp.c, tools/tiffcrop.c.
- CVE-2016-9538
* SECURITY UPDATE: out-of-bounds read in tiffcrop
- debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
- CVE-2016-9539
* SECURITY UPDATE: out-of-bounds write via odd tile width versus image
width
- debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
- CVE-2016-9540
* SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
- debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
- CVE-2017-5225
-- Marc Deslauriers <email address hidden> Fri, 24 Feb 2017 10:46:03 -0500
-
tiff (4.0.6-1) unstable; urgency=high
* New upstream release.
* Backport upstream fixes for:
- CVE-2015-8665 an out-of-bound read in TIFFRGBAImage interface,
- CVE-2015-8683 an out-of-bounds read in CIE Lab image format.
* Backport fix for potential out-of-bound writes in decode.
* Backport fix for potential out-of-bound write in NeXTDecode().
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 31 Dec 2015 16:22:24 +0100
-
tiff (4.0.5-1) unstable; urgency=medium
* Update László Böszörményi to Laszlo Boszormenyi (GCS)
* Add Vcs URLs to debian/control
* Imported Upstream version 4.0.5
* Remove all patches - they have been merged upstream
* Convert the package to pure debhelper and remove some legacy stuff
-- Ondřej Surý <email address hidden> Tue, 01 Sep 2015 13:10:55 +0200
-
tiff (4.0.3-12.3ubuntu2) vivid; urgency=medium
* SECURITY REGRESSION: regression when saving TIFF files with compression
predictor (LP: #1439186)
- debian/patches/CVE-2014-8128-5.patch: disable until proper upstream
fix is available.
-- Marc Deslauriers <email address hidden> Wed, 01 Apr 2015 14:02:39 -0400