-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 14 Aug 2019 19:24:22 +0000 Source: tiff Architecture: source Version: 4.0.10+git190814-1 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org> Closes: 934780 Changes: tiff (4.0.10+git190814-1) unstable; urgency=high . * Git snapshot, fixing the following security issues: - TryChopUpUncompressedBigTiff(): avoid potential division by zero, - fix vulnerability introduced by defer strile loading, - fix vulnerability in 'D' (DeferStrileLoad) mode, - return infinite distance when denominator is zero, - OJPEG: avoid use of uninitialized memory on corrupted files, - OJPEG: fix integer division by zero on corrupted subsampling factors, - OJPEGReadBufferFill(): avoid very long processing time on corrupted files, - TIFFClientOpen(): fix memory leak if one of the required callbacks is not provided, - CVE-2019-14973, fix integer overflow in _TIFFCheckMalloc() and other implementation-defined behaviour (closes: #934780). * Update libtiff5 symbols. * Update Standards-Version to 4.4.0 . Checksums-Sha1: 56a0327f17d4b136f77a4ca08ca5a00b8cc87aa0 2243 tiff_4.0.10+git190814-1.dsc 30860672b3dade20fb8074304352378c424ab1a9 1477060 tiff_4.0.10+git190814.orig.tar.xz 7c2bf1c25d83ce9714cad0869daa29a5296b0488 18432 tiff_4.0.10+git190814-1.debian.tar.xz Checksums-Sha256: c7788186e23618f4f67b9fd4fc89d495f340b134018a29511d6156ec49981fc3 2243 tiff_4.0.10+git190814-1.dsc 6e584b54bbbf6bf7e7601f6e4a66c735e16d925be6cb115aa0bf7c8e5a657be7 1477060 tiff_4.0.10+git190814.orig.tar.xz fea62ed59e3de3382c602f475f5c127921a9a77db2b4a587c8f348ce7c1424ba 18432 tiff_4.0.10+git190814-1.debian.tar.xz Files: 2d30e9ecb75726a6da3140d4ca940cb8 2243 libs optional tiff_4.0.10+git190814-1.dsc e3c903b2ae6bd7a69decc578f2d83a33 1477060 libs optional tiff_4.0.10+git190814.orig.tar.xz aa0640ca3faee35c2bb975e088b8b527 18432 libs optional tiff_4.0.10+git190814-1.debian.tar.xz
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl1UZvsACgkQ3OMQ54ZM yL80cxAAry4XPSkk8zkf3xhYMe7D0YQ56kQ40cbBR8QyPSO49LbwgPqJOEwyf/NI dvFAhf5/xvQrwW84mOqDfp/jGI72kmVttHFb4NdiTsxFHUiNtqGS5dMRDrO4WRhp Op+UjoHG4iLuvIQN1nvQpiZoru7u7zlOkCxyQzrKjXNY9/JwK7ifToc37hcGWB24 YTdYKlSegTQOcvUIs5jia7hPJLdPXIe3/ImPbi2KeXvZmDh87y6t0iMNYk8r8zdn Aj0zRyGRWzYMK/1nLi3C1Pg10gn40bjQ3DAxey+ypMjidmBMHKguwyGUuO8XcXrd hH18NgMlU8v/Zi4yVjSnjRJTAkl3V7dtuIWPvHusVfZ91rr4TzFQaorKXfy5oTNZ Vp9ksesojROB72e0PiRnkM09pe0R9bU7slooVXNXCxEtrRGwC725JIaz+6x4MdZF hiqHIbaGmNYNRx8LHQsLz4KPgzn6TtfOZukK+yZAKGuXir0nSznqEgNSQgeOTp+x PQu9AC7SknputPJURqzr/UhW00XAOfQjVSClu6VX+me0wUOTCkrgr1jCDGuHGnL6 cLOEnr4wpqKSzx2iYVqOdK5gWa/cCH+VhztGCxe44e4MQO1A4Z/IQWy4tZ3o1gco Vxhxuy/zKmgZZnjSFUT3Sequ06eMx579MLepV7rnqYTpIPgXb/Q= =Mk7Z -----END PGP SIGNATURE-----