[ubuntu/mantic-updates] tiff 4.5.1+git230720-1ubuntu1.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon Feb 19 18:58:09 UTC 2024

tiff (4.5.1+git230720-1ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow
    - debian/patches/CVE-2023-6228.patch: add check for codec configuration
      in tools/tiffcp.c.
    - CVE-2023-6228
  * SECURITY UPDATE: memory exhaustion
    - debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
      memory being greater than filesize in libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-2.patch: add an extra check for above
      condition, to only do it for a defined large request in
    - debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
    - debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
      it for a defined large request in more methods in libtiff/tif_dirread.c.
    - CVE-2023-6277
  * SECURITY UPDATE: segmentation fault
    - debian/patches/CVE-2023-52356.patch: add row and column check based
      on image sizes in libtiff/tif_getimage.c.
    - CVE-2023-52356

Date: 2024-02-16 22:35:15.687573+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the mantic-changes mailing list