-
tiff (4.0.7-5) unstable; urgency=high
* Fix CVE-2017-5225: heap buffer overflow via a crafted BitsPerSample value
(closes: #851297).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 15 Jan 2017 16:49:05 +0000
-
tiff (4.0.7-4) unstable; urgency=high
* Fix CVE-2016-10094: heap-based overflow in t2p_readwrite_pdf_image_tile().
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 01 Jan 2017 19:03:49 +0000
-
tiff (4.0.7-3) unstable; urgency=medium
* Backport upstream fix of TIFFFaxTabEnt structure.
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 13 Dec 2016 19:02:25 +0000
-
tiff (4.0.7-2) unstable; urgency=high
* Backport security fixes:
- fix uint32 overflow in TIFFReadEncodedStrip() that caused an integer
division by zero,
- avoid uint32 underflow in cpDecodedStrips that can cause various
issues, such as buffer overflows in the library,
- fix heap-based buffer overflow on generation of PixarLog / LUV
compressed files, with ColorMap, TransferFunction attached and nasty
plays with bitspersample,
- fix ChopUpSingleUncompressedStrip() in reading outside of the
StripByCounts/StripOffsets arrays when using TIFFReadScanline()
(closes: #846837),
- make OJPEGDecode() early exit in case of failure in OJPEGPreDecode() to
avoid a divide by zero, and potential other issues,
- fix readContigStripsIntoBuffer() in -i (ignore) mode so that the
output buffer is correctly incremented to avoid write outside bounds,
- add 3 extra bytes at end of strip buffer in
readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
buffer,
- fix integer division by zero when BitsPerSample is missing
(closes: #846838),
- fix null pointer dereference in -r mode when the image has no
StripByteCount tag,
- avoid potential division by zero if BitsPerSamples tag is missing,
- limit the return number of inks to SamplesPerPixel in
TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) , so that code that parses ink
names doesn't go past the end of the buffer,
- avoid another potential division by zero if BitsPerSamples tag is
missing,
- fix uint32 underflow/overflow that can cause heap-based buffer overflow,
- replace assert( (bps % 8) == 0 ) by a non assert check.
* Remove thumbnail and rgb2ycbcr documentations, these tools no longer
present.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sun, 04 Dec 2016 12:24:44 +0000
-
tiff (4.0.7-1) unstable; urgency=high
* New upstream release.
* Fixes the following vulnerabilities:
- CVE-2015-7313, OOM when parsing crafted tiff files (closes: #800124),
- CVE-2016-3622, denial of service (divide-by-zero error) via
the fpAcc function in tif_predict.c (closes: #820365),
- CVE-2016-3945, multiple integer overflows in the tiff2rgba tool,
- CVE-2016-3990, write buffer overflow in PixarLogEncode,
- CVE-2016-3991 and CVE-2016-5322, heap-based buffer overflow in the
loadImage function,
- CVE-2016-9273, heap-buffer-overflow in cpStrips (closes: #844013),
- CVE-2016-9297, segfault in _TIFFPrintField() (closes: #844226),
- CVE-2016-9448, in TIFFFetchNormalTag(), do not dereference NULL pointer
(regression of CVE-2016-9297),
- heap buffer overflow via writeBufferToSeparateStrips() in tiffcrop.
* Remove backported vulnerability fixes, this release contains those.
* Update libtiff5 symbols.
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 19 Nov 2016 18:05:24 +0000
-
tiff (4.0.6-3) unstable; urgency=high
* Fix architecture independent only build (closes: #806118).
* Fix CVE-2015-8668 , CVE-2016-3619 , CVE-2016-3620 (closes: #820363),
CVE-2016-3621 (closes: #820364) and CVE-2016-5319 with removing bmp2tiff
(closes: #820364).
* Fix CVE-2016-3186 and CVE-2016-5102 with removing gif2tiff.
* Fix CVE-2016-3631 (closes: #820366), CVE-2016-3632 , CVE-2016-3633 ,
CVE-2016-3634 and CVE-2016-8331 with removing thumbnail.
* Backport upstream fix for CVE-2016-3623 and CVE-2016-3624 .
* Backport upstream fix for CVE-2016-5652 (closes: #842361).
* Backport upstream fix for CVE-2016-3658 .
* Removed vulnerable, unsupported tools (closes: #827484, #842046).
* Comment out Vcs fields for now.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 31 Oct 2016 15:56:56 +0000
-
tiff (4.0.6-2) unstable; urgency=high
* Backport fix for the following vulnerabilities:
- CVE-2016-5314, PixarLogDecode() heap-based buffer overflow
(closes: #830700),
- CVE-2016-5316, PixarLogCleanup() Segmentation fault,
- CVE-2016-5320, rgb2ycbcr: command excution,
- CVE-2016-5875, heap-based buffer overflow when using the PixarLog
compression format,
- CVE-2016-6223, information leak in libtiff/tif_read.c ,
- CVE-2016-5321, DumpModeDecode(): Ddos,
- CVE-2016-5323, tiffcrop _TIFFFax3fillruns(): NULL pointer dereference.
* Be primary maintainer and keep Ondřej as uploader.
* Update Standards-Version to 3.9.8 .
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 16 Jul 2016 11:45:21 +0000
