[ubuntu/artful-updates] tiff 4.0.8-5ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Mar 26 12:28:14 UTC 2018


tiff (4.0.8-5ubuntu0.1) artful-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow in t2p_write_pdf
    - debian/patches/CVE-2017-9935-1.patch: fix transfer function handling
      in libtiff/tif_dir.c, tools/tiff2pdf.c.
    - debian/patches/CVE-2017-9935-2.patch: fix incorrect type for transfer
      table in tools/tiff2pdf.c.
    - CVE-2017-9935
  * SECURITY UPDATE: DoS in TIFFOpen
    - debian/patches/CVE-2017-11613-1.patch: avoid memory exhaustion in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2017-11613-2.patch: rework fix in
      libtiff/tif_dirread.c.
    - CVE-2017-11613
  * SECURITY UPDATE: DoS in TIFFReadDirEntryArray
    - debian/patches/CVE-2017-12944.patch: add protection against excessive
      memory allocation attempts in libtiff/tif_dirread.c.
    - CVE-2017-12944
  * SECURITY UPDATE: TIFFSetupStrips heap overflow in pal2rgb
    - debian/patches/CVE-2017-17095.patch: add workaround to
      tools/pal2rgb.c.
    - CVE-2017-17095
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2017-18013.patch: fix null pointer dereference in
      libtiff/tif_print.c.
    - CVE-2017-18013
  * SECURITY UPDATE: DoS via resource consumption
    - debian/patches/CVE-2018-5784.patch: fix infinite loop in
      contrib/addtiffo/tif_overview.c, tools/tiff2pdf.c, tools/tiffcrop.c.
    - CVE-2018-5784

Date: 2018-03-22 14:55:20.811290+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/tiff/4.0.8-5ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.


More information about the Artful-changes mailing list