[Desktop-packages] [Bug 2012540] Re: Please merge tiff 4.5.0-5 from Debian unstable

Fri, 31 Mar 2023 09:47:13 -0700 

This bug was fixed in the package tiff - 4.5.0-5ubuntu1

---------------
tiff (4.5.0-5ubuntu1) lunar; urgency=high

  * Merge from Debian unstable. Remaining differences:
    - Don't build with LERC on i386 because it requires numpy
      (Closes: #1017958, LP: #2012540)

tiff (4.5.0-5) unstable; urgency=high

  * Backport fix for tiffcrop correctly update buffersize after
    rotateImage() .
  * Backport fix for TIFFClose() avoid NULL pointer dereferencing.
  * Backport security fix for CVE-2023-0800, CVE-2023-0801, CVE-2023-0802,
    CVE-2023-0803 and CVE-2023-0804, an out-of-bounds write in tiffcrop
    allows attackers to cause a denial-of-service via a crafted tiff file.
  * Backport security fix for CVE-2023-0795, CVE-2023-0796, CVE-2023-0797,
    CVE-2023-0798 and CVE-2023-0799, an out-of-bounds read in tiffcrop allows
    attackers to cause a denial-of-service via a crafted tiff file.

 -- Nathan Pratta Teodosio <[email protected]>  Fri, 24 Mar
2023 11:13:09 +0100

** Changed in: tiff (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0795

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0796

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0797

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0798

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0799

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0800

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0801

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0802

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0803

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-0804

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to tiff in Ubuntu.
https://bugs.launchpad.net/bugs/2012540

Title:
  Please merge tiff 4.5.0-5 from Debian unstable

Status in tiff package in Ubuntu:
  Fix Released

Bug description:
  Please merge tiff 4.5.0-5 from Debian unstable.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/2012540/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to