[ubuntu/kinetic-security] tiff 4.4.0-4ubuntu3.1 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Tue Nov 8 04:01:03 UTC 2022
tiff (4.4.0-4ubuntu3.1) kinetic-security; urgency=medium
* SECURITY UPDATE: heap-overflow and double free in tiffcrop
- debian/patches/CVE-2022-2519_2520_2521_2953.patch: Add checks and ends
tiffcrop if -S arguments are not mutually exclusive.
- CVE-2022-2519
- CVE-2022-2520
- CVE-2022-2521
- CVE-2022-2953
* SECURITY UPDATE: heap-based buffer overflow
- debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
subroutines in tools/tiffcrop.c.
- CVE-2022-3570
- CVE-2022-3598
* SECURITY UPDATE: out-of-bound write in tiffcrop
- debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
and related TIFFTAG_NUMBEROFINKS value
- CVE-2022-3599
* SECURITY UPDATE: out-of-bound write in tif_unix
- debian/patches/CVE-2022-3626_3627.patch: disable incompatibility of -Z,
-X, -Y, -z options with any PAGE_MODE_x option
- CVE-2022-3626
- CVE-2022-3627
Date: 2022-11-02 15:51:21.098245+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.4.0-4ubuntu3.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list