Format: 1.8
Date: Fri, 24 Feb 2017 10:46:03 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: powerpc
Version: 4.0.6-1ubuntu0.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.6-1ubuntu0.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via crafted field data in an extension tag
     - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
     - CVE-2015-7554
   * SECURITY UPDATE: DoS and possible code execution via large width field
     in a BMP image
     - debian/patches/CVE-2015-8668.patch: properly calculate size in
       tools/bmp2tiff.c.
     - CVE-2015-8668
   * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
     - debian/patches/CVE-2016-10092.patch: properly increment buffer in
       tools/tiffcrop.c.
     - CVE-2016-10092
   * SECURITY UPDATE: heap-based buffer overflow in tiffcp
     - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow
       in tools/tiffcp.c.
     - CVE-2016-10093
   * SECURITY UPDATE: off-by-one error in tiff2pdf
     - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
     - CVE-2016-10094
   * SECURITY UPDATE: DoS in tiff2rgba tool
     - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in
       libtiff/tif_getimage.c, libtiff/tif_predict.c.
     - CVE-2016-3622
   * SECURITY UPDATE: DoS in rgb2ycbcr tool
     - debian/patches/CVE-2016-3623.patch: validate parameters in
       tools/rgb2ycbcr.c.
     - CVE-2016-3623
     - CVE-2016-3624
   * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
     - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
       tools/thumbnail.c.
     - CVE-2016-3632
     - CVE-2016-8331
   * SECURITY UPDATE: DoS via out-of-bounds read
     - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel
       change in libtiff/tif_dir.c, avoid null pointer dereference in
       libtiff/tif_dirwrite.c
     - CVE-2016-3658
   * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
     - debian/patches/CVE-2016-3945.patch: fix integer overflow in
       tools/tiff2rgba.c.
     - CVE-2016-3945
   * SECURITY UPDATE: DoS and possible code execution via overflow in
     horizontalDifference8 function
     - debian/patches/CVE-2016-3990.patch: add check to
       libtiff/tif_pixarlog.c.
     - CVE-2016-3990
   * SECURITY UPDATE: DoS and possible code execution in tiffcrop
     - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
     - CVE-2016-3991
     - CVE-2016-5322
   * SECURITY UPDATE: PixarLogDecode() out-of-bound writes
     - debian/patches/CVE-2016-5314.patch: check size in
       libtiff/tif_pixarlog.c.
     - CVE-2016-5314
     - CVE-2016-5315
     - CVE-2016-5316
     - CVE-2016-5317
     - CVE-2016-5320
     - CVE-2016-5875
   * SECURITY UPDATE: DoS in DumpModeDecode function
     - debian/patches/CVE-2016-5321.patch: limit number of samples in
       tools/tiffcrop.c.
     - CVE-2016-5321
   * SECURITY UPDATE: DoS in _TIFFFax3fillruns function
     - debian/patches/CVE-2016-5323.patch: limit number of samples in
       tools/tiffcrop.c.
     - CVE-2016-5323
   * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
     - debian/patches/CVE-2016-5652.patch: properly handle markers in
       tools/tiff2pdf.c.
     - CVE-2016-5652
   * SECURITY UPDATE: DoS and info disclosure via negative index
     - debian/patches/CVE-2016-6223.patch: properly handle stripoffset in
       libtiff/tif_read.c.
     - CVE-2016-6223
   * SECURITY UPDATE: DoS in tiffsplit
     - debian/patches/CVE-2016-9273.patch: don't recompute value in
       libtiff/tif_strip.c.
     - CVE-2016-9273
   * SECURITY UPDATE: DoS via crafted tag values
     - debian/patches/CVE-2016-9297.patch: NULL-terminate values in
       libtiff/tif_dirread.c.
     - CVE-2016-9297
   * SECURITY UPDATE: DoS caused by CVE-2016-9297
     - debian/patches/CVE-2016-9448.patch: check for NULL in
       libtiff/tif_dirread.c.
     - CVE-2016-9448
   * SECURITY UPDATE: DoS and possible code execution via
     TIFFTAG_JPEGTABLES of length one
     - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
     - CVE-2016-9453
   * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
     - debian/patches/CVE-2016-9532.patch: check for overflows in
       tools/tiffcrop.c.
     - CVE-2016-9532
   * SECURITY UPDATE: multiple out-of-bounds writes issues
     - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
       libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
       tools/tiffcrop.c.
     - CVE-2016-9533
     - CVE-2016-9534
     - CVE-2016-9536
     - CVE-2016-9537
   * SECURITY UPDATE: assertion failure via unusual tile size
     - debian/patches/CVE-2016-9535-1.patch: replace assertions with
       runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
     - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in
       libtiff/tif_predict.c.
     - CVE-2016-9535
   * SECURITY UPDATE: integer overflow in tiffcrop
     - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in
       tools/tiffcp.c, tools/tiffcrop.c.
     - CVE-2016-9538
   * SECURITY UPDATE: out-of-bounds read in tiffcrop
     - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
     - CVE-2016-9539
   * SECURITY UPDATE: out-of-bounds write via odd tile width versus image
     width
     - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
     - CVE-2016-9540
   * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
     - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
     - CVE-2017-5225
Original-Maintainer: Ondřej Surý