[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
** Changed in: tiff (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: Fix Released Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
I adjusted your changelog entry to include the remaining differences in the changelog message. I think that makes things more clear to the next person who will work on merging new versions. I did a second upload because we accidentally missed the symbols file update when we manually merged later. I am unsubscribing ubuntu-sponsors now because I have uploaded this to Ubuntu. Feel free to resubscribe if you have something else that needs to be sponsored. I saw that you opened a Debian bug for the security patch. Could you forward the patch there too? ** Changed in: tiff (Ubuntu) Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: Fix Committed Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
Remaining differences with tiff from Debian unstable: * Merge from Debian unstable (LP #1997278). Also we take Debian's security fixes for the recent CVEs, except for CVE-2022-2519_2520_2521_2953.patch which is not included in Debian, at least as of now. * Don't build with LERC on i386 because it requires numpy (Closes: #1017958) In summary, we are adapting Debian's security fixes, and adding in our CVE-2022-2519_2520_2521_2953.patch as well, since they don't have in Debian yet (I'll see about opening a bug report with them on whether they want to add this patch as well), and we also don't build with LERC on i386 (Debian folks weren't interested in taking this). ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2519 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: In Progress Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
And here's a debdiff to 4.4.0-5 from debian unstable, for reference. ** Patch added: "debdiff to the 4.4.0-5 version in debian unstable" https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+attachment/5632154/+files/tiff_4.4.0-5ubuntu1-from-4.4.0-5.debdiff ** Changed in: tiff (Ubuntu) Assignee: Amin Bandali (bandali) => (unassigned) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: In Progress Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
Ok please disregard the two earlier debdiffs, and use the following instead. ** Patch added: "debdiff to the 4.4.0-4ubuntu3.1 version in kinetic" https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+attachment/5632153/+files/tiff_4.4.0-5ubuntu1-from-4.4.0-4ubuntu3.1.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: In Progress Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
** Changed in: tiff (Ubuntu) Assignee: (unassigned) => Amin Bandali (bandali) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: In Progress Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
The attachment "tiff_4.4.0-5ubuntu1-kinetic-to-lunar.debdiff" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team. [This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.] ** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: In Progress Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
Please disregard the above two patches; this needs some more work. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: In Progress Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
Attaching debdiff with debian unstable per wiki's Merging guide. ** Patch added: "tiff_4.4.0-5ubuntu1-unstable-to-lunar.debdiff" https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+attachment/5631934/+files/tiff_4.4.0-5ubuntu1-unstable-to-lunar.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: In Progress Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1997278] Re: Merge tiff 4.4.0-5 (main) from Debian unstable (main)
Attaching debdiff with kinetic per wiki's Merging guide. ** Changed in: tiff (Ubuntu) Assignee: Amin Bandali (bandali) => (unassigned) ** Patch added: "tiff_4.4.0-5ubuntu1-kinetic-to-lunar.debdiff" https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+attachment/5631933/+files/tiff_4.4.0-5ubuntu1-kinetic-to-lunar.debdiff -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to tiff in Ubuntu. https://bugs.launchpad.net/bugs/1997278 Title: Merge tiff 4.4.0-5 (main) from Debian unstable (main) Status in tiff package in Ubuntu: In Progress Bug description: Please merge tiff 4.4.0-5 (main) from Debian unstable (main) Changelog entries since current kinetic version 4.4.0-4ubuntu3: tiff (4.4.0-5) unstable; urgency=high * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627, out of bounds write and denial of service via a crafted TIFF file. * Backport security fix for CVE-2022-3570, multiple heap buffer overflows via crafted TIFF file. * Backport security fix for CVE-2022-3599, denial-of-service via a crafted TIFF file. * Backport security fix for CVE-2022-3598, denial-of-service via a crafted TIFF file (closes: #1022555). -- Laszlo Boszormenyi (GCS) Sun, 23 Oct 2022 22:38:15 +0200 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp