Format: 1.8
Date: Mon, 27 Feb 2017 10:55:30 -0500
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc libtiff5-alt-dev libtiff4-dev
Architecture: ppc64el
Version: 4.0.3-7ubuntu0.6
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4-dev - Tag Image File Format library (TIFF), transitional package
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), transitional package
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.0.3-7ubuntu0.6) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: DoS via crafted field data in an extension tag
     - debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.c.
     - CVE-2015-7554
   * SECURITY UPDATE: DoS and possible code execution via large width field in a BMP image
     - debian/patches/CVE-2015-8668.patch: properly calculate size in tools/bmp2tiff.c.
     - CVE-2015-8668
   * SECURITY UPDATE: heap-buffer-overflow in tiffcrop
     - debian/patches/CVE-2016-10092.patch: properly increment buffer in tools/tiffcrop.c.
     - CVE-2016-10092
   * SECURITY UPDATE: heap-based buffer overflow in tiffcp
     - debian/patches/CVE-2016-10093.patch: fix uint32 underflow/overflow in tools/tiffcp.c.
     - CVE-2016-10093
   * SECURITY UPDATE: off-by-one error in tiff2pdf
     - debian/patches/CVE-2016-10094.patch: fix count in tools/tiff2pdf.c.
     - CVE-2016-10094
   * SECURITY UPDATE: DoS in tiff2rgba tool
     - debian/patches/CVE-2016-3622.patch: enforce bits-per-sample in libtiff/tif_getimage.c, libtiff/tif_predict.c.
     - CVE-2016-3622
   * SECURITY UPDATE: DoS in rgb2ycbcr tool
     - debian/patches/CVE-2016-3623.patch: validate parameters in tools/rgb2ycbcr.c.
     - CVE-2016-3623
     - CVE-2016-3624
   * SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
     - debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in tools/thumbnail.c.
     - CVE-2016-3632
     - CVE-2016-8331
   * SECURITY UPDATE: DoS via out-of-bounds read
     - debian/patches/CVE-2016-3658.patch: properly handle SamplesPerPixel change in libtiff/tif_dir.c, avoid null pointer dereference in libtiff/tif_dirwrite.c
     - CVE-2016-3658
   * SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
     - debian/patches/CVE-2016-3945.patch: fix integer overflow in tools/tiff2rgba.c.
     - CVE-2016-3945
   * SECURITY UPDATE: DoS and possible code execution via overflow in horizontalDifference8 function
     - debian/patches/CVE-2016-3990.patch: add check to libtiff/tif_pixarlog.c.
     - CVE-2016-3990
   * SECURITY UPDATE: DoS and possible code execution in tiffcrop
     - debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
     - CVE-2016-3991
     - CVE-2016-5322
   * SECURITY UPDATE: PixarLogDecode() out-of-bound writes
     - debian/patches/CVE-2016-5314.patch: check size in libtiff/tif_pixarlog.c.
     - CVE-2016-5314
     - CVE-2016-5315
     - CVE-2016-5316
     - CVE-2016-5317
     - CVE-2016-5320
     - CVE-2016-5875
   * SECURITY UPDATE: DoS in DumpModeDecode function
     - debian/patches/CVE-2016-5321.patch: limit number of samples in tools/tiffcrop.c.
     - CVE-2016-5321
   * SECURITY UPDATE: DoS in _TIFFFax3fillruns function
     - debian/patches/CVE-2016-5323.patch: limit number of samples in tools/tiffcrop.c.
     - CVE-2016-5323
   * SECURITY UPDATE: DoS and possible code execution in tiff2pdf
     - debian/patches/CVE-2016-5652.patch: properly handle markers in tools/tiff2pdf.c.
     - CVE-2016-5652
   * SECURITY UPDATE: DoS and info disclosure via negative index
     - debian/patches/CVE-2016-6223.patch: properly handle stripoffset in libtiff/tif_read.c.
     - CVE-2016-6223
   * SECURITY UPDATE: DoS in tiffsplit
     - debian/patches/CVE-2016-9273.patch: don't recompute value in libtiff/tif_strip.c.
     - CVE-2016-9273
   * SECURITY UPDATE: DoS via crafted tag values
     - debian/patches/CVE-2016-9297.patch: NULL-terminate values in libtiff/tif_dirread.c.
     - CVE-2016-9297
   * SECURITY UPDATE: DoS caused by CVE-2016-9297
     - debian/patches/CVE-2016-9448.patch: check for NULL in libtiff/tif_dirread.c.
     - CVE-2016-9448
   * SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES of length one
     - debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
     - CVE-2016-9453
   * SECURITY UPDATE: integer overflow in writeBufferToSeparateStrips
     - debian/patches/CVE-2016-9532.patch: check for overflows in tools/tiffcrop.c.
     - CVE-2016-9532
   * SECURITY UPDATE: multiple out-of-bounds writes issues
     - debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c, tools/tiffcrop.c.
     - CVE-2016-9533
     - CVE-2016-9534
     - CVE-2016-9536
     - CVE-2016-9537
   * SECURITY UPDATE: assertion failure via unusual tile size
     - debian/patches/CVE-2016-9535-1.patch: replace assertions with runtime checks in libtiff/tif_predict.c, libtiff/tif_predict.h.
     - debian/patches/CVE-2016-9535-2.patch: fix memory leaks in libtiff/tif_predict.c.
     - CVE-2016-9535
   * SECURITY UPDATE: integer overflow in tiffcrop
     - debian/patches/CVE-2016-9538.patch: fix undefined variable reads in tools/tiffcp.c, tools/tiffcrop.c.
     - CVE-2016-9538
   * SECURITY UPDATE: out-of-bounds read in tiffcrop
     - debian/patches/CVE-2016-9539.patch: check size in tools/tiffcrop.c.
     - CVE-2016-9539
   * SECURITY UPDATE: out-of-bounds write via odd tile width versus image width
     - debian/patches/CVE-2016-9540.patch: check bounds in tools/tiffcp.c.
     - CVE-2016-9540
   * SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
     - debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
     - CVE-2017-5225
Original-Maintainer: Jay Berkenbilt