Format: 1.8
Date: Fri, 24 Feb 2017 10:46:03 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: s390x
Version: 4.0.6-1ubuntu0.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.6-1ubuntu0.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via crafted field data in an extension tag
     - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
     - CVE-2015-7554
   * SECURITY UPDATE: DoS and possible code execution via large width field in a BMP image
     - debian/patches/CVE-2015-8668.patch: properly calculate size in tools/bmp2tiff.c.
     - CVE-2015-8668
   * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
     - debian/patches/CVE-2016-10092.patch: properly increment buffer in tools/tiffcrop.c.
     - CVE-2016-10092
   * SECURITY UPDATE: heap-based buffer overflow in tiffcp
     - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow in tools/tiffcp.c.
     - CVE-2016-10093
   * SECURITY UPDATE: off-by-one error in tiff2pdf
     - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
     - CVE-2016-10094
   * SECURITY UPDATE: DoS in tiff2rgba tool
     - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in libtiff/tif_getimage.c, libtiff/tif_predict.c.
     - CVE-2016-3622
   * SECURITY UPDATE: DoS in rgb2ycbcr tool
     - debian/patches/CVE-2016-3623.patch: validate parameters in tools/rgb2ycbcr.c.
     - CVE-2016-3623
     - CVE-2016-3624
   * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
     - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in tools/thumbnail.c.
     - CVE-2016-3632
     - CVE-2016-8331
   * SECURITY UPDATE: DoS via out-of-bounds read
     - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel change in libtiff/tif_dir.c, avoid null pointer dereference in libtiff/tif_dirwrite.c
     - CVE-2016-3658
   * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
     - debian/patches/CVE-2016-3945.patch: fix integer overflow in tools/tiff2rgba.c.
     - CVE-2016-3945
   * SECURITY UPDATE: DoS and possible code execution via overflow in horizontalDifference8 function
     - debian/patches/CVE-2016-3990.patch: add check to libtiff/tif_pixarlog.c.
     - CVE-2016-3990
   * SECURITY UPDATE: DoS and possible code execution in tiffcrop
     - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
     - CVE-2016-3991
     - CVE-2016-5322
   * SECURITY UPDATE: PixarLogDecode() out-of-bound writes
     - debian/patches/CVE-2016-5314.patch: check size in libtiff/tif_pixarlog.c.
     - CVE-2016-5314
     - CVE-2016-5315
     - CVE-2016-5316
     - CVE-2016-5317
     - CVE-2016-5320
     - CVE-2016-5875
   * SECURITY UPDATE: DoS in DumpModeDecode function
     - debian/patches/CVE-2016-5321.patch: limit number of samples in tools/tiffcrop.c.
     - CVE-2016-5321
   * SECURITY UPDATE: DoS in _TIFFFax3fillruns function
     - debian/patches/CVE-2016-5323.patch: limit number of samples in tools/tiffcrop.c.
     - CVE-2016-5323
   * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
     - debian/patches/CVE-2016-5652.patch: properly handle markers in tools/tiff2pdf.c.
     - CVE-2016-5652
   * SECURITY UPDATE: DoS and info disclosure via negative index
     - debian/patches/CVE-2016-6223.patch: properly handle stripoffset in libtiff/tif_read.c.
     - CVE-2016-6223
   * SECURITY UPDATE: DoS in tiffsplit
     - debian/patches/CVE-2016-9273.patch: don't recompute value in libtiff/tif_strip.c.
     - CVE-2016-9273
   * SECURITY UPDATE: DoS via crafted tag values
     - debian/patches/CVE-2016-9297.patch: NULL-terminate values in libtiff/tif_dirread.c.
     - CVE-2016-9297
   * SECURITY UPDATE: DoS caused by CVE-2016-9297
     - debian/patches/CVE-2016-9448.patch: check for NULL in libtiff/tif_dirread.c.
     - CVE-2016-9448
   * SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES of length one
     - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
     - CVE-2016-9453
   * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
     - debian/patches/CVE-2016-9532.patch: check for overflows in tools/tiffcrop.c.
     - CVE-2016-9532
   * SECURITY UPDATE: multiple out-of-bounds writes issues
     - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c, tools/tiffcrop.c.
     - CVE-2016-9533
     - CVE-2016-9534
     - CVE-2016-9536
     - CVE-2016-9537
   * SECURITY UPDATE: assertion failure via unusual tile size
     - debian/patches/CVE-2016-9535-1.patch: replace assertions with runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
     - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in libtiff/tif_predict.c.
     - CVE-2016-9535
   * SECURITY UPDATE: integer overflow in tiffcrop
     - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in tools/tiffcp.c, tools/tiffcrop.c.
     - CVE-2016-9538
   * SECURITY UPDATE: out-of-bounds read in tiffcrop
     - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
     - CVE-2016-9539
   * SECURITY UPDATE: out-of-bounds write via odd tile width versus image width
     - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
     - CVE-2016-9540
   * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
     - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
     - CVE-2017-5225
Original-Maintainer: Ondřej Surý