Format: 1.8
Date: Thu, 17 Jan 2019 09:21:11 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 4.0.6-1ubuntu0.5
Distribution: xenial-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.6-1ubuntu0.5) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: NULL dereference in TIFFPrintDirectory
     - debian/patches/CVE-2018-7456.patch: properly handle color channels in
       libtiff/tif_dirread.c, libtiff/tif_print.c.
     - CVE-2018-7456
   * SECURITY UPDATE: buffer overflow in LZWDecodeCompat
     - debian/patches/CVE-2018-8905.patch: fix logic in libtiff/tif_lzw.c.
     - CVE-2018-8905
   * SECURITY UPDATE: DoS in TIFFWriteDirectorySec()
     - debian/patches/CVE-2018-10963.patch: avoid assertion in
       libtiff/tif_dirwrite.c.
     - CVE-2018-10963
   * SECURITY UPDATE: multiple overflows
     - debian/patches/CVE-2018-1710x.patch: Avoid overflows in
       tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
     - CVE-2018-17100
     - CVE-2018-17101
   * SECURITY UPDATE: JBIGDecode out-of-bounds write
     - debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c,
       libtiff/tif_read.c.
     - CVE-2018-18557
   * SECURITY UPDATE: NULL pointer dereference in LZWDecode
     - debian/patches/CVE-2018-18661.patch: add checks to tools/tiff2bw.c.
     - CVE-2018-18661
Checksums-Sha1:
 776854d666417eb8fb3d1673bbe7996e3d1c3199 2399 tiff_4.0.6-1ubuntu0.5.dsc
 7ef6a456144721818144ed106a4e20ab9e5eb1f9 58544 tiff_4.0.6-1ubuntu0.5.debian.tar.xz
Checksums-Sha256:
 70955fdde28324827f8bf3a10af3531b859bf70a76fd2885a52e7d9b753e5388 2399 tiff_4.0.6-1ubuntu0.5.dsc
 ae9df02a3d84895215b6d19fc9e22376f490156faca63de46f1e7a8396089d8a 58544 tiff_4.0.6-1ubuntu0.5.debian.tar.xz
Files:
 447ef01ba72f5b68e856d778a8fefd6a 2399 libs optional tiff_4.0.6-1ubuntu0.5.dsc
 69777fdc3beacb98cab49b6c07ea854c 58544 libs optional tiff_4.0.6-1ubuntu0.5.debian.tar.xz
Original-Maintainer: Ondřej Surý <ondrej@debian.org>