Change logs for tiff source package in Artful

  • tiff (4.0.8-5ubuntu0.1) artful-security; urgency=medium
    
      * SECURITY UPDATE: heap-based buffer overflow in t2p_write_pdf
        - debian/patches/CVE-2017-9935-1.patch: fix transfer function handling
          in libtiff/tif_dir.c, tools/tiff2pdf.c.
        - debian/patches/CVE-2017-9935-2.patch: fix incorrect type for transfer
          table in tools/tiff2pdf.c.
        - CVE-2017-9935
      * SECURITY UPDATE: DoS in TIFFOpen
        - debian/patches/CVE-2017-11613-1.patch: avoid memory exhaustion in
          libtiff/tif_dirread.c.
        - debian/patches/CVE-2017-11613-2.patch: rework fix in
          libtiff/tif_dirread.c.
        - CVE-2017-11613
      * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
        - debian/patches/CVE-2017-12944.patch: add protection against excessive
          memory allocation attempts in libtiff/tif_dirread.c.
        - CVE-2017-12944
      * SECURITY UPDATE: TIFFSetupStrips heap overflow in pal2rgb
        - debian/patches/CVE-2017-17095.patch: add workaround to
          tools/pal2rgb.c.
        - CVE-2017-17095
      * SECURITY UPDATE: null pointer dereference
        - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
          libtiff/tif_print.c.
        - CVE-2017-18013
      * SECURITY UPDATE: DoS via resource consumption
        - debian/patches/CVE-2018-5784.patch: fix infinite loop in
          contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
        - CVE-2018-5784
    
     -- Marc Deslauriers <email address hidden>  Thu, 22 Mar 2018 09:52:02 -0400
  • tiff (4.0.8-5) unstable; urgency=high
    
      * Backport security fixes:
        - CVE-2017-13726, reachable assertion abort in TIFFWriteDirectorySec()
          (closes: #873880),
        - CVE-2017-13727, reachable assertion abort in
          TIFFWriteDirectoryTagSubifd() (closes: #873879).
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 31 Aug 2017 21:09:59 +0000
  • tiff (4.0.8-4) unstable; urgency=high
    
      * Fix regression in the decoding of old-style LZW compressed files.
      * Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
        (closes: #868513).
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 16 Jul 2017 11:07:56 +0000
  • tiff (4.0.8-3) unstable; urgency=high
    
      * Backport security fixes:
        - CVE-2017-9936, memory leak in error code path of JBIGDecode()
          (closes: #866113),
        - prevent out of memory in gtTileContig() on corrupted files,
        - CVE-2017-10688, assertion failure in TIFFWriteDirectoryTagCheckedXXXX()
          (closes: #866611).
      * Add required _TIFFReadEncodedStripAndAllocBuffer@LIBTIFF_4.0 symbol to the
        libtiff5 package.
      * Update Standards-Version to 4.0.0.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 01 Jul 2017 18:13:15 +0000
  • tiff (4.0.8-2) unstable; urgency=high
    
      * Backport security fixes:
        - TIFFYCbCrToRGBInit(): stricter clamping to avoid int32 overflow in
          TIFFYCbCrtoRGB(),
        - initYCbCrConversion(): stricter validation for refBlackWhite
          coefficients values - to avoid invalid float->int32 conversion,
        - CVE-2016-10095 and CVE-2017-9147: add _TIFFCheckFieldIsValidForCodec()
          and use it in TIFFReadDirectory() (closes: #850316, #863185).
      * Add required _TIFFCheckFieldIsValidForCodec@LIBTIFF_4.0 symbol to the
        libtiff5 package.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 01 Jun 2017 17:56:08 +0000
  • tiff (4.0.8-1) unstable; urgency=high
    
      * New upstream release of merged security fixes.
      * Add required TIFFReadRGBAStripExt@LIBTIFF_4.0 and
        TIFFReadRGBATileExt@LIBTIFF_4.0 symbols to the libtiff5 package.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 24 May 2017 19:49:04 +0000
  • tiff (4.0.7-7) unstable; urgency=high
    
      * Backport security fix for CVE-2016-10371 (closes: #862929).
      * Backport security fix for CVE-2015-7554 (closes: #809066, #842043).
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 20 May 2017 16:35:43 +0000
  • tiff (4.0.7-6) unstable; urgency=high
    
      * Backport security fixes:
        - CVE-2017-7595, divide-by-zero in JPEGSetupEncode (closes: #860003),
        - CVE-2017-7596, CVE-2017-7597, CVE-2017-7598, CVE-2017-7599, CVE-2017-7600,
          CVE-2017-7601 and CVE-2017-7602, multiple UBSAN crashes,
        - CVE-2017-7592, left-shift undefined behavior issue in putagreytile
          (closes: #859998),
        - CVE-2017-7593, uninitialized-memory access from tif_rawdata
          (closes: #860000),
        - CVE-2017-7594, leak in OJPEGReadHeaderInfoSecTablesAcTable
          (closes: #860001).
      * Add required _TIFFcalloc@LIBTIFF_4.0 symbol to the libtiff5 package.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Fri, 14 Apr 2017 07:21:47 +0000
  • tiff (4.0.7-5) unstable; urgency=high
    
      * Fix CVE-2017-5225: heap buffer overflow via a crafted BitsPerSample value
        (closes: #851297).
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 15 Jan 2017 16:49:05 +0000