[ubuntu/noble-proposed] tiff 4.5.1+git230720-4ubuntu1 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 28 19:49:12 UTC 2024
tiff (4.5.1+git230720-4ubuntu1) noble; urgency=medium
* Merge with Debian. Remaining change:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: out-of-bounds read in tiffcrop
- debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
function extractImageSection in tools/tiffcrop.c.
- CVE-2023-1916
tiff (4.5.1+git230720-4) unstable; urgency=high
* Backport security fix for CVE-2023-52355, an out-of-memory flaw that
could be triggered by passing a crafted tiff file with documentation
update how to prevent it.
* Backport security fix for CVE-2023-52356, a segment fault flaw that
could be triggered by passing a crafted tiff file (closes: #1061524).
Date: Wed, 28 Feb 2024 14:21:10 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/tiff/4.5.1+git230720-4ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 28 Feb 2024 14:21:10 -0500
Source: tiff
Built-For-Profiles: noudeb
Architecture: source
Version: 4.5.1+git230720-4ubuntu1
Distribution: noble
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Closes: 1017958 1061524
Changes:
tiff (4.5.1+git230720-4ubuntu1) noble; urgency=medium
.
* Merge with Debian. Remaining change:
- Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
* SECURITY UPDATE: heap based buffer overflow
- debian/patches/CVE-2023-6228.patch: add check for codec configuration
in tools/tiffcp.c.
- CVE-2023-6228
* SECURITY UPDATE: out-of-bounds read in tiffcrop
- debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
function extractImageSection in tools/tiffcrop.c.
- CVE-2023-1916
.
tiff (4.5.1+git230720-4) unstable; urgency=high
.
* Backport security fix for CVE-2023-52355, an out-of-memory flaw that
could be triggered by passing a crafted tiff file with documentation
update how to prevent it.
* Backport security fix for CVE-2023-52356, a segment fault flaw that
could be triggered by passing a crafted tiff file (closes: #1061524).
Checksums-Sha1:
8fffe98c920790a3196be6c7a92de4eab2f83752 2435 tiff_4.5.1+git230720-4ubuntu1.dsc
b142b5bbcd2e304b018de35a7f160461fab001e4 1781896 tiff_4.5.1+git230720.orig.tar.xz
89ddba29053d99dc035aedfa1dd701d59c3a34f5 28116 tiff_4.5.1+git230720-4ubuntu1.debian.tar.xz
2993b6b3a14d83d88b20d39ff81c180223db9311 10927 tiff_4.5.1+git230720-4ubuntu1_source.buildinfo
Checksums-Sha256:
f939b494b359f71fa96c0f26161830e96b8a67e95f85e878ae3353768c3500a1 2435 tiff_4.5.1+git230720-4ubuntu1.dsc
0e51bcf3a3ffa5fc76ea6aeb74a797f95c84544fcc8b6a1ec5def967a78e9e12 1781896 tiff_4.5.1+git230720.orig.tar.xz
7e1c66a005eb303104ee45e5954d5173663933209221228a9275c64406d3a697 28116 tiff_4.5.1+git230720-4ubuntu1.debian.tar.xz
7a743cac2043f33b537724cafb4cfb5ed43fa35ca8677059d9198dc22eee921f 10927 tiff_4.5.1+git230720-4ubuntu1_source.buildinfo
Files:
172f48dfce150f5fc36137c665b45f95 2435 libs optional tiff_4.5.1+git230720-4ubuntu1.dsc
385de53eba580ddd0808c9e295875738 1781896 libs optional tiff_4.5.1+git230720.orig.tar.xz
ea6a1f05ebf24b64b198417f6a4e32ee 28116 libs optional tiff_4.5.1+git230720-4ubuntu1.debian.tar.xz
62bced7132ba9fc3b1113ca11b6e064c 10927 libs optional tiff_4.5.1+git230720-4ubuntu1_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs at debian.org>
More information about the noble-changes
mailing list