tiff (4.4.0-5ubuntu2) lunar; urgency=medium
* Update symbols file for i386 where we build without LERC
tiff (4.4.0-5ubuntu1) lunar; urgency=medium
* Merge from Debian unstable (LP #1997278). Remaining differences:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
- Add CVE-2022-2519_2520_2521_2953.patch (Closes: #1024670)
* Use Debian's patches for the fixes for the other recent CVEs
tiff (4.4.0-5) unstable; urgency=high
* Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627,
out of bounds write and denial of service via a crafted TIFF file.
* Backport security fix for CVE-2022-3570, multiple heap buffer overflows
via crafted TIFF file.
* Backport security fix for CVE-2022-3599, denial-of-service via a crafted
TIFF file.
* Backport security fix for CVE-2022-3598, denial-of-service via a crafted
TIFF file (closes: #1022555).
-- Jeremy Bicha <email address hidden> Wed, 23 Nov 2022 08:38:35 -0500