Format: 1.8
Date: Mon, 27 Feb 2017 10:55:30 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc libtiff5-alt-dev libtiff4-dev
Architecture: arm64
Version: 4.0.3-7ubuntu0.6
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4-dev - Tag Image File Format library (TIFF), transitional package
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), transitional package
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.3-7ubuntu0.6) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via crafted field data in an extension tag
     - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
     - CVE-2015-7554
   * SECURITY UPDATE: DoS and possible code execution via large width field
     in a BMP image
     - debian/patches/CVE-2015-8668.patch: properly calculate size in
       tools/bmp2tiff.c.
     - CVE-2015-8668
   * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
     - debian/patches/CVE-2016-10092.patch: properly increment buffer in
       tools/tiffcrop.c.
     - CVE-2016-10092
   * SECURITY UPDATE: heap-based buffer overflow in tiffcp
     - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow in
       tools/tiffcp.c.
     - CVE-2016-10093
   * SECURITY UPDATE: off-by-one error in tiff2pdf
     - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
     - CVE-2016-10094
   * SECURITY UPDATE: DoS in tiff2rgba tool
     - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in
       libtiff/tif_getimage.c, libtiff/tif_predict.c.
     - CVE-2016-3622
   * SECURITY UPDATE: DoS in rgb2ycbcr tool
     - debian/patches/CVE-2016-3623.patch: validate parameters in
       tools/rgb2ycbcr.c.
     - CVE-2016-3623
     - CVE-2016-3624
   * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
     - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
       tools/thumbnail.c.
     - CVE-2016-3632
     - CVE-2016-8331
   * SECURITY UPDATE: DoS via out-of-bounds read
     - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel
       change in libtiff/tif_dir.c, avoid null pointer dereference in
       libtiff/tif_dirwrite.c
     - CVE-2016-3658
   * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
     - debian/patches/CVE-2016-3945.patch: fix integer overflow in
       tools/tiff2rgba.c.
     - CVE-2016-3945
   * SECURITY UPDATE: DoS and possible code execution via overflow in
     horizontalDifference8 function
     - debian/patches/CVE-2016-3990.patch: add check to
       libtiff/tif_pixarlog.c.
     - CVE-2016-3990
   * SECURITY UPDATE: DoS and possible code execution in tiffcrop
     - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
     - CVE-2016-3991
     - CVE-2016-5322
   * SECURITY UPDATE: PixarLogDecode() out-of-bound writes
     - debian/patches/CVE-2016-5314.patch: check size in
       libtiff/tif_pixarlog.c.
     - CVE-2016-5314
     - CVE-2016-5315
     - CVE-2016-5316
     - CVE-2016-5317
     - CVE-2016-5320
     - CVE-2016-5875
   * SECURITY UPDATE: DoS in DumpModeDecode function
     - debian/patches/CVE-2016-5321.patch: limit number of samples in
       tools/tiffcrop.c.
     - CVE-2016-5321
   * SECURITY UPDATE: DoS in _TIFFFax3fillruns function
     - debian/patches/CVE-2016-5323.patch: limit number of samples in
       tools/tiffcrop.c.
     - CVE-2016-5323
   * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
     - debian/patches/CVE-2016-5652.patch: properly handle markers in
       tools/tiff2pdf.c.
     - CVE-2016-5652
   * SECURITY UPDATE: DoS and info disclosure via negative index
     - debian/patches/CVE-2016-6223.patch: properly handle stripoffset in
       libtiff/tif_read.c.
     - CVE-2016-6223
   * SECURITY UPDATE: DoS in tiffsplit
     - debian/patches/CVE-2016-9273.patch: don't recompute value in
       libtiff/tif_strip.c.
     - CVE-2016-9273
   * SECURITY UPDATE: DoS via crafted tag values
     - debian/patches/CVE-2016-9297.patch: NULL-terminate values in
       libtiff/tif_dirread.c.
     - CVE-2016-9297
   * SECURITY UPDATE: DoS caused by CVE-2016-9297
     - debian/patches/CVE-2016-9448.patch: check for NULL in
       libtiff/tif_dirread.c.
     - CVE-2016-9448
   * SECURITY UPDATE: DoS and possible code execution via
     TIFFTAG_JPEGTABLES of length one
     - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
     - CVE-2016-9453
   * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
     - debian/patches/CVE-2016-9532.patch: check for overflows in
       tools/tiffcrop.c.
     - CVE-2016-9532
   * SECURITY UPDATE: multiple out-of-bounds writes issues
     - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
       libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
       tools/tiffcrop.c.
     - CVE-2016-9533
     - CVE-2016-9534
     - CVE-2016-9536
     - CVE-2016-9537
   * SECURITY UPDATE: assertion failure via unusual tile size
     - debian/patches/CVE-2016-9535-1.patch: replace assertions with runtime
       checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
     - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in
       libtiff/tif_predict.c.
     - CVE-2016-9535
   * SECURITY UPDATE: integer overflow in tiffcrop
     - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in
       tools/tiffcp.c, tools/tiffcrop.c.
     - CVE-2016-9538
   * SECURITY UPDATE: out-of-bounds read in tiffcrop
     - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
     - CVE-2016-9539
   * SECURITY UPDATE: out-of-bounds write via odd tile width versus image
     width
     - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
     - CVE-2016-9540
   * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
     - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
     - CVE-2017-5225
Original-Maintainer: Jay Berkenbilt