Format: 1.8
Date: Mon, 27 Feb 2017 10:55:30 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc libtiff5-alt-dev libtiff4-dev
Architecture: powerpc
Version: 4.0.3-7ubuntu0.6
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4-dev - Tag Image File Format library (TIFF), transitional package
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), transitional package
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.3-7ubuntu0.6) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via crafted field data in an extension tag
     - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
     - CVE-2015-7554
   * SECURITY UPDATE: DoS and possible code execution via large width field in a BMP image
     - debian/patches/CVE-2015-8668.patch: properly calculate size in tools/bmp2tiff.c.
     - CVE-2015-8668
   * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
     - debian/patches/CVE-2016-10092.patch: properly increment buffer in tools/tiffcrop.c.
     - CVE-2016-10092
   * SECURITY UPDATE: heap-based buffer overflow in tiffcp
     - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow in tools/tiffcp.c.
     - CVE-2016-10093
   * SECURITY UPDATE: off-by-one error in tiff2pdf
     - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
     - CVE-2016-10094
   * SECURITY UPDATE: DoS in tiff2rgba tool
     - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in libtiff/tif_getimage.c, libtiff/tif_predict.c.
     - CVE-2016-3622
   * SECURITY UPDATE: DoS in rgb2ycbcr tool
     - debian/patches/CVE-2016-3623.patch: validate parameters in tools/rgb2ycbcr.c.
     - CVE-2016-3623
     - CVE-2016-3624
   * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
     - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in tools/thumbnail.c.
     - CVE-2016-3632
     - CVE-2016-8331
   * SECURITY UPDATE: DoS via out-of-bounds read
     - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel change in libtiff/tif_dir.c, avoid null pointer dereference in libtiff/tif_dirwrite.c
     - CVE-2016-3658
   * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
     - debian/patches/CVE-2016-3945.patch: fix integer overflow in tools/tiff2rgba.c.
     - CVE-2016-3945
   * SECURITY UPDATE: DoS and possible code execution via overflow in horizontalDifference8 function
     - debian/patches/CVE-2016-3990.patch: add check to libtiff/tif_pixarlog.c.
     - CVE-2016-3990
   * SECURITY UPDATE: DoS and possible code execution in tiffcrop
     - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
     - CVE-2016-3991
     - CVE-2016-5322
   * SECURITY UPDATE: PixarLogDecode() out-of-bound writes
     - debian/patches/CVE-2016-5314.patch: check size in libtiff/tif_pixarlog.c.
     - CVE-2016-5314
     - CVE-2016-5315
     - CVE-2016-5316
     - CVE-2016-5317
     - CVE-2016-5320
     - CVE-2016-5875
   * SECURITY UPDATE: DoS in DumpModeDecode function
     - debian/patches/CVE-2016-5321.patch: limit number of samples in tools/tiffcrop.c.
     - CVE-2016-5321
   * SECURITY UPDATE: DoS in _TIFFFax3fillruns function
     - debian/patches/CVE-2016-5323.patch: limit number of samples in tools/tiffcrop.c.
     - CVE-2016-5323
   * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
     - debian/patches/CVE-2016-5652.patch: properly handle markers in tools/tiff2pdf.c.
     - CVE-2016-5652
   * SECURITY UPDATE: DoS and info disclosure via negative index
     - debian/patches/CVE-2016-6223.patch: properly handle stripoffset in libtiff/tif_read.c.
     - CVE-2016-6223
   * SECURITY UPDATE: DoS in tiffsplit
     - debian/patches/CVE-2016-9273.patch: don't recompute value in libtiff/tif_strip.c.
     - CVE-2016-9273
   * SECURITY UPDATE: DoS via crafted tag values
     - debian/patches/CVE-2016-9297.patch: NULL-terminate values in libtiff/tif_dirread.c.
     - CVE-2016-9297
   * SECURITY UPDATE: DoS caused by CVE-2016-9297
     - debian/patches/CVE-2016-9448.patch: check for NULL in libtiff/tif_dirread.c.
     - CVE-2016-9448
   * SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES of length one
     - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
     - CVE-2016-9453
   * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
     - debian/patches/CVE-2016-9532.patch: check for overflows in tools/tiffcrop.c.
     - CVE-2016-9532
   * SECURITY UPDATE: multiple out-of-bounds writes issues
     - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c, tools/tiffcrop.c.
     - CVE-2016-9533
     - CVE-2016-9534
     - CVE-2016-9536
     - CVE-2016-9537
   * SECURITY UPDATE: assertion failure via unusual tile size
     - debian/patches/CVE-2016-9535-1.patch: replace assertions with runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
     - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in libtiff/tif_predict.c.
     - CVE-2016-9535
   * SECURITY UPDATE: integer overflow in tiffcrop
     - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in tools/tiffcp.c, tools/tiffcrop.c.
     - CVE-2016-9538
   * SECURITY UPDATE: out-of-bounds read in tiffcrop
     - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
     - CVE-2016-9539
   * SECURITY UPDATE: out-of-bounds write via odd tile width versus image width
     - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
     - CVE-2016-9540
   * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
     - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
     - CVE-2017-5225
Original-Maintainer: Jay Berkenbilt