Format: 1.8
Date: Fri, 24 Feb 2017 10:46:03 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: all amd64
Version: 4.0.6-1ubuntu0.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.6-1ubuntu0.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via crafted field data in an extension tag
     - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
     - CVE-2015-7554
   * SECURITY UPDATE: DoS and possible code execution via large width field
     in a BMP image
     - debian/patches/CVE-2015-8668.patch: properly calculate size in
       tools/bmp2tiff.c.
     - CVE-2015-8668
   * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
     - debian/patches/CVE-2016-10092.patch: properly increment buffer in
       tools/tiffcrop.c.
     - CVE-2016-10092
   * SECURITY UPDATE: heap-based buffer overflow in tiffcp
     - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow
       in tools/tiffcp.c.
     - CVE-2016-10093
   * SECURITY UPDATE: off-by-one error in tiff2pdf
     - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
     - CVE-2016-10094
   * SECURITY UPDATE: DoS in tiff2rgba tool
     - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in
       libtiff/tif_getimage.c, libtiff/tif_predict.c.
     - CVE-2016-3622
   * SECURITY UPDATE: DoS in rgb2ycbcr tool
     - debian/patches/CVE-2016-3623.patch: validate parameters in
       tools/rgb2ycbcr.c.
     - CVE-2016-3623
     - CVE-2016-3624
   * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
     - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
       tools/thumbnail.c.
     - CVE-2016-3632
     - CVE-2016-8331
   * SECURITY UPDATE: DoS via out-of-bounds read
     - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel
       change in libtiff/tif_dir.c, avoid null pointer dereference in
       libtiff/tif_dirwrite.c
     - CVE-2016-3658
   * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
     - debian/patches/CVE-2016-3945.patch: fix integer overflow in
       tools/tiff2rgba.c.
     - CVE-2016-3945
   * SECURITY UPDATE: DoS and possible code execution via overflow in
     horizontalDifference8 function
     - debian/patches/CVE-2016-3990.patch: add check to
       libtiff/tif_pixarlog.c.
     - CVE-2016-3990
   * SECURITY UPDATE: DoS and possible code execution in tiffcrop
     - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
     - CVE-2016-3991
     - CVE-2016-5322
   * SECURITY UPDATE: PixarLogDecode() out-of-bound writes
     - debian/patches/CVE-2016-5314.patch: check size in
       libtiff/tif_pixarlog.c.
     - CVE-2016-5314
     - CVE-2016-5315
     - CVE-2016-5316
     - CVE-2016-5317
     - CVE-2016-5320
     - CVE-2016-5875
   * SECURITY UPDATE: DoS in DumpModeDecode function
     - debian/patches/CVE-2016-5321.patch: limit number of samples in
       tools/tiffcrop.c.
     - CVE-2016-5321
   * SECURITY UPDATE: DoS in _TIFFFax3fillruns function
     - debian/patches/CVE-2016-5323.patch: limit number of samples in
       tools/tiffcrop.c.
     - CVE-2016-5323
   * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
     - debian/patches/CVE-2016-5652.patch: properly handle markers in
       tools/tiff2pdf.c.
     - CVE-2016-5652
   * SECURITY UPDATE: DoS and info disclosure via negative index
     - debian/patches/CVE-2016-6223.patch: properly handle stripoffset in
       libtiff/tif_read.c.
     - CVE-2016-6223
   * SECURITY UPDATE: DoS in tiffsplit
     - debian/patches/CVE-2016-9273.patch: don't recompute value in
       libtiff/tif_strip.c.
     - CVE-2016-9273
   * SECURITY UPDATE: DoS via crafted tag values
     - debian/patches/CVE-2016-9297.patch: NULL-terminate values in
       libtiff/tif_dirread.c.
     - CVE-2016-9297
   * SECURITY UPDATE: DoS caused by CVE-2016-9297
     - debian/patches/CVE-2016-9448.patch: check for NULL in
       libtiff/tif_dirread.c.
     - CVE-2016-9448
   * SECURITY UPDATE: DoS and possible code execution via
     TIFFTAG_JPEGTABLES of length one
     - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
     - CVE-2016-9453
   * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
     - debian/patches/CVE-2016-9532.patch: check for overflows in
       tools/tiffcrop.c.
     - CVE-2016-9532
   * SECURITY UPDATE: multiple out-of-bounds writes issues
     - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
       libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
       tools/tiffcrop.c.
     - CVE-2016-9533
     - CVE-2016-9534
     - CVE-2016-9536
     - CVE-2016-9537
   * SECURITY UPDATE: assertion failure via unusual tile size
     - debian/patches/CVE-2016-9535-1.patch: replace assertions with
       runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
     - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in
       libtiff/tif_predict.c.
     - CVE-2016-9535
   * SECURITY UPDATE: integer overflow in tiffcrop
     - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in
       tools/tiffcp.c, tools/tiffcrop.c.
     - CVE-2016-9538
   * SECURITY UPDATE: out-of-bounds read in tiffcrop
     - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
     - CVE-2016-9539
   * SECURITY UPDATE: out-of-bounds write via odd tile width versus image
     width
     - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
     - CVE-2016-9540
   * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
     - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
     - CVE-2017-5225
Original-Maintainer: Ondřej Surý