Format: 1.8
Date: Thu, 17 Jan 2019 09:13:55 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source
Version: 4.0.9-5ubuntu0.1
Distribution: bionic-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files, current
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.9-5ubuntu0.1) bionic-security; urgency=medium
 .
   * SECURITY UPDATE: buffer overflow in LZWDecodeCompat
     - debian/patches/CVE-2018-8905.patch: fix logic in libtiff/tif_lzw.c.
     - CVE-2018-8905
   * SECURITY UPDATE: DoS in TIFFWriteDirectorySec()
     - debian/patches/CVE-2018-10963.patch: avoid assertion in
       libtiff/tif_dirwrite.c.
     - CVE-2018-10963
   * SECURITY UPDATE: multiple overflows
     - debian/patches/CVE-2018-1710x.patch: Avoid overflows in
       tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
     - CVE-2018-17100
     - CVE-2018-17101
   * SECURITY UPDATE: JBIGDecode out-of-bounds write
     - debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c,
       libtiff/tif_read.c.
     - CVE-2018-18557
   * SECURITY UPDATE: NULL pointer dereference in LZWDecode
     - debian/patches/CVE-2018-18661.patch: add checks to tools/tiff2bw.c.
     - CVE-2018-18661
Checksums-Sha1:
 24bef09a79a5e911b5380189376ae621993b8c45 2299 tiff_4.0.9-5ubuntu0.1.dsc
 0cb3c208af733e52508ed8550adbc4ad09acc58f 26020 tiff_4.0.9-5ubuntu0.1.debian.tar.xz
 305ae6a28600fe75fc98f680cde6bcdbe8d7e461 9204 tiff_4.0.9-5ubuntu0.1_source.buildinfo
Checksums-Sha256:
 ba50d0bcb97552e6f6b74e2728565f4164f5d1942d29ef2516ab977da4e60913 2299 tiff_4.0.9-5ubuntu0.1.dsc
 af565f62c19b54ffceceb7c2d1884f10e13b6710bab9927f5e22ffeb41ab8f59 26020 tiff_4.0.9-5ubuntu0.1.debian.tar.xz
 b79ff562efe3d0c7b92953c0e8d3a049b185f2be37e613277483c9b0ac7e8e61 9204 tiff_4.0.9-5ubuntu0.1_source.buildinfo
Files:
 40a99050c6f76a0e26049e89e2466ceb 2299 libs optional tiff_4.0.9-5ubuntu0.1.dsc
 c84459b18891ea7ebdec40c7f2f3e9f1 26020 libs optional tiff_4.0.9-5ubuntu0.1.debian.tar.xz
 f9d8ab2c3012cce6fa17b34461425be5 9204 libs optional tiff_4.0.9-5ubuntu0.1_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>