Package : gdal
Version : 1.10.1+dfsg-8+deb8u2
CVE ID  : CVE-2019-17546

tif_getimage.c in LibTIFF, as used in GDAL, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.

For Debian 8 "Jessie", this problem has been fixed in version 1.10.1+dfsg-8+deb8u2.

We recommend that you upgrade your gdal packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Best,
Utkarsh
