tiff (3.9.5-2ubuntu1.12) precise-security; urgency=medium
* SECURITY UPDATE: heap over-read in TIFFWriteScanline
- debian/patches/CVE-2018-10779.patch: fix overflow in
libtiff/tif_write.c.
- CVE-2018-10779
* SECURITY UPDATE: heap over-read in cpSeparateBufToContigBuf
- debian/patches/CVE-2018-12900-1.patch: check for overflow in
tools/tiffcp.c.
- debian/patches/CVE-2018-12900-2.patch: use INT_MAX in tools/tiffcp.c.
- CVE-2018-12900
- CVE-2019-7663
* SECURITY UPDATE: memory leak in TIFFFdOpen
- debian/patches/CVE-2019-6128.patch: properly handle errors in
tools/pal2rgb.c.
- CVE-2019-6128
* SECURITY UPDATE: multiple overflows
- debian/patches/CVE-2018-1710x-*.patch: Avoid overflows in
tools/pal2rgb.c, tools/tiff2bw.c, tools/ppm2tiff.c.
- CVE-2018-17100
- CVE-2018-17101
* SECURITY UPDATE: JBIGDecode out-of-bounds write
- debian/patches/CVE-2018-18557.patch: fix issue in libtiff/tif_jbig.c.
- CVE-2018-18557

tiff (3.9.5-2ubuntu1.11) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: DoS and possible code execution in tiff2rgba tool
- debian/patches/CVE-2016-3945.patch: fix integer overflow in
tools/tiff2rgba.c.
- CVE-2016-3945
* SECURITY UPDATE: DoS or code execution via crafted BitsPerSample value
- debian/patches/CVE-2017-5225.patch: check bps in tools/tiffcp.c.
- CVE-2017-5225

tiff (3.9.5-2ubuntu1.10) precise-security; urgency=medium
* SECURITY UPDATE: DoS via crafted field data in an extension tag
- debian/patches/CVE-2015-7554.patch: add count to tools/tiffsplit.
- CVE-2015-7554
* SECURITY UPDATE: DoS and possible code execution via large width field
in a BMP image
- debian/patches/CVE-2015-8668.patch: properly calculate size in
tools/bmp2tiff.c.
- CVE-2015-8668
* SECURITY UPDATE: heap-buffer-overflow in tiffcrop
- debian/patches/CVE-2016-10092.patch: properly increment buffer in
tools/tiffcrop.c.
- CVE-2016-10092
* SECURITY UPDATE: DoS in rgb2ycbcr tool
- debian/patches/CVE-2016-3623.patch: validate parameters in
tools/rgb2ycbcr.c.
- CVE-2016-3623
- CVE-2016-3624
* SECURITY UPDATE: DoS and possible code execution via crafted TIFF image
- debian/patches/CVE-2016-3632.patch: disable BADFAXLINES in
tools/thumbnail.c.
- CVE-2016-3632
- CVE-2016-8331
* SECURITY UPDATE: DoS and possible code execution via overflow in
horizontalDifference8 function
- debian/patches/CVE-2016-3990.patch: add check to
libtiff/tif_pixarlog.c.
- CVE-2016-3990
* SECURITY UPDATE: DoS and possible code execution in tiffcrop
- debian/patches/CVE-2016-3991.patch: add checks to tools/tiffcrop.c.
- CVE-2016-3991
- CVE-2016-5322
* SECURITY UPDATE: DoS in DumpModeDecode function
- debian/patches/CVE-2016-5321.patch: limit number of samples in
tools/tiffcrop.c.
- CVE-2016-5321
* SECURITY UPDATE: DoS and possible code execution via TIFFTAG_JPEGTABLES
- debian/patches/CVE-2016-9453.patch: fix counts in tools/tiff2pdf.c.
- CVE-2016-9453
* SECURITY UPDATE: multiple out-of-bounds write issues
- debian/patches/CVE-2016-9533.patch: fix out-of-bounds writes in
libtiff/tif_pixarlog.c, libtiff/tif_write.c, tools/tiff2pdf.c,
tools/tiffcrop.c.
- CVE-2016-9533
- CVE-2016-9534
- CVE-2016-9536
- CVE-2016-9537
Date: 2019-03-15 13:42:19.192371+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-ro...@lists.canonical.com>
https://launchpad.net/ubuntu/+source/tiff/3.9.5-2ubuntu1.12