-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 28 Oct 2018 11:04:14 +0000 Source: tiff Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source amd64 all Version: 4.0.9+git181026-1 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org> Description: libtiff-dev - Tag Image File Format library (TIFF), development files, current libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Closes: 909037 909038 911635 Changes: tiff (4.0.9+git181026-1) unstable; urgency=high . * Git snapshot, fixing the following security issues: - CVE-2018-17100, int32 overflow in multiply_ms() which can cause a DoS or possibly have unspecified other impact via a crafted image file (closes: #909038), - CVE-2018-17101, two out-of-bounds writes in cpTags() which can cause a DoS or possibly have unspecified other impact via a crafted image file (closes: #909037), - CVE-2018-18557, out-of-bounds write in JBIGDecode() (closes: #911635). * Remove previously backported security patches. * Build with Zstandard, a fast lossless compression algorithm. * Build with WebP, the modern VP8 compression format. * Update libtiff5 symbols. Checksums-Sha1: 380331dc7c95e5f551c0f17eecc72b8f77f38893 2280 tiff_4.0.9+git181026-1.dsc 67067989a96fc57c54b385ca377913300c5009fc 1520264 tiff_4.0.9+git181026.orig.tar.xz adafb1972bd365a209cd23850db7faf67ce856a0 17408 tiff_4.0.9+git181026-1.debian.tar.xz 6343e5029fe66f38d725b282e071bf9ed87be6ad 96628 libtiff-dev_4.0.9+git181026-1_amd64.deb a95fdb60d2ebbb30b23e956d987bcd21475d161a 403488 libtiff-doc_4.0.9+git181026-1_all.deb ea3f97fa6434616f40f1ccb7cd4ede2e363525fb 14900 libtiff-opengl-dbgsym_4.0.9+git181026-1_amd64.deb cd7cf5ee3894e019294e2fcf79f57ed0e16c62a4 105148 libtiff-opengl_4.0.9+git181026-1_amd64.deb 9ad2c69f89cf45cb5621e9b39315f6f1b2d6f9d3 421444 libtiff-tools-dbgsym_4.0.9+git181026-1_amd64.deb ad3afdd2c760f3ac35ce8b79b3d958413f8345d3 287912 libtiff-tools_4.0.9+git181026-1_amd64.deb 4a9728366327b24524ebaa79e9878e39be851752 479808 libtiff5-dbgsym_4.0.9+git181026-1_amd64.deb 65f7f41f1773757ffd06d149e09cbbee444b03e9 371556 libtiff5-dev_4.0.9+git181026-1_amd64.deb 22f9b362bdf660d464aef06659b603824f79d9d6 249928 libtiff5_4.0.9+git181026-1_amd64.deb 545435e33051a6f00e3e0b048f8c9ad2de1ecf56 23368 libtiffxx5-dbgsym_4.0.9+git181026-1_amd64.deb d5e15ced9dfb90e91688bee65f5dafdb0c72356f 100376 libtiffxx5_4.0.9+git181026-1_amd64.deb 9b618ef33c7996acc5e5fe2bab6654aa02d65896 12790 tiff_4.0.9+git181026-1_amd64.buildinfo Checksums-Sha256: c62af309cc73df28ace1fcf7d7fa1c4f09f96150d093562347aa711e7d76b08e 2280 tiff_4.0.9+git181026-1.dsc a08f8f156d67d0b9504ff01a1456af975a72f51577d52e39b57847201c6bb6ae 1520264 tiff_4.0.9+git181026.orig.tar.xz fd02f97164b6768c1e775ce965a69937bd56e4210bdcca8f4d78e4a88d4583cc 17408 tiff_4.0.9+git181026-1.debian.tar.xz cd51b100e378cbf40e7c839a1467c87625b21c4c1aae0a7b590ef50f7f46450c 96628 libtiff-dev_4.0.9+git181026-1_amd64.deb 1b82f2896ec19b855d11f93854adc942cd0b21a8db3c52251578a19b010ca315 403488 libtiff-doc_4.0.9+git181026-1_all.deb fa7567f7d73efd38a0bd9692feb857cf399ac2208ac2a9ebb9fcf1f06d386aaf 14900 libtiff-opengl-dbgsym_4.0.9+git181026-1_amd64.deb ca01044ea608343370253287d3991b82ce2d55cf4812e3b872d19adf17010d6a 105148 libtiff-opengl_4.0.9+git181026-1_amd64.deb eba2054eec6c861b0b5a1135aabe41102ad99e3827ec75bcdbde148e6a04e14a 421444 libtiff-tools-dbgsym_4.0.9+git181026-1_amd64.deb 463461d86d9f6c4d0fd1e0f412810c3c156dd81162a26f0fdb15677226f7b900 287912 libtiff-tools_4.0.9+git181026-1_amd64.deb 866cbe2a509d8b794888d227eb2334c787e8ce36a16c5a69382094dd8581d5c1 479808 libtiff5-dbgsym_4.0.9+git181026-1_amd64.deb 8d6bdc5e138a35200234679e54cdd5d81be0f085aedded90e17b1749971e383c 371556 libtiff5-dev_4.0.9+git181026-1_amd64.deb c6dd341b1b157f4aafcec920b69df5e0e4eb269ac5a71f483f0c7843ebf415fb 249928 libtiff5_4.0.9+git181026-1_amd64.deb bd048a8742fb8621af94583f20afe7a58aeca16e24fe952ba58a3b0c6b707741 23368 libtiffxx5-dbgsym_4.0.9+git181026-1_amd64.deb 2f92a6b450f112eca95a8281f7746d8eeda60707f131b37200c023195ade9ae9 100376 libtiffxx5_4.0.9+git181026-1_amd64.deb a989ec34304df87e1d0a1f7d2a4becdd107ea368ff9b67ff038238958e333fac 12790 tiff_4.0.9+git181026-1_amd64.buildinfo Files: ab107454751718ff0a1972dbd0e33710 2280 libs optional tiff_4.0.9+git181026-1.dsc 76cea43835c4e40e3360fb0377277dbc 1520264 libs optional tiff_4.0.9+git181026.orig.tar.xz 6e092ac0ab0f56caa9711c4c44210ee4 17408 libs optional tiff_4.0.9+git181026-1.debian.tar.xz 63ad5e1c6f038cb80422a7232e98d00b 96628 oldlibs optional libtiff-dev_4.0.9+git181026-1_amd64.deb 80ebec254ee919d86316903a926c8531 403488 doc optional libtiff-doc_4.0.9+git181026-1_all.deb dab79ea23e848f162f53e65403973210 14900 debug optional libtiff-opengl-dbgsym_4.0.9+git181026-1_amd64.deb 99f4acc22c951d0f551df966fb2e1eaa 105148 graphics optional libtiff-opengl_4.0.9+git181026-1_amd64.deb e34fd464f894d8931c764ebc9bd0d21c 421444 debug optional libtiff-tools-dbgsym_4.0.9+git181026-1_amd64.deb 554eb78abd2e25497bbc35aa40a9d324 287912 graphics optional libtiff-tools_4.0.9+git181026-1_amd64.deb 4335c3347cef24963f450be106ab05fc 479808 debug optional libtiff5-dbgsym_4.0.9+git181026-1_amd64.deb 45c6cd16354e9bbe852d1c70450ca346 371556 libdevel optional libtiff5-dev_4.0.9+git181026-1_amd64.deb 2a93c016626b8dd9625cc51bacddfc3a 249928 libs optional libtiff5_4.0.9+git181026-1_amd64.deb 558490734f0e939f9536c684608fea95 23368 debug optional libtiffxx5-dbgsym_4.0.9+git181026-1_amd64.deb 7d9ad636ce338f856eba15c6e50e72be 100376 libs optional libtiffxx5_4.0.9+git181026-1_amd64.deb b8ac4eb53758bbada8a2c1f190b7f9df 12790 libs optional tiff_4.0.9+git181026-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlvVzksACgkQ3OMQ54ZM yL9/Xw//XrjN/e1eBuBSbnL3XVvWGIcwH03KtyXIfZ5yg6VZJu48NrUeEjcj1uBp yQOpJMbTdXDKNsXv0s8wGTSLQAAj4EUYEGGQ1Ln0DymndZUb4VL87vRTEStCBiMS YxBoqZKN+qMSOY689ckBXnwa2PGp2VQb8TCcCDexGzV+KmJ8J0CiGlfHfGez+Iuf U0AoZleuwH8QhdmPTfrxiwXVTOA/3+HPcNaqKwNo7fuMzOSnYUKVZHwNuzlSUn7L 2Eyppr6qPy4t9Qhfdu7mKqdrGmWYgI4gj0lAPUDnYAUsk//fY/jZJSNWHtea0dWV BU433ub1U5eLK5WD4kagjRo0xb6m0F9z58IAhpptzsinXycouZEW1ZB6hfdLwO/Q DbqIxHRstn0wni2ezKB+K5lAYExoXjnbssXZaXJ5DpKJJOc85ZEsL8RLT+X0qu3X dvjKvSVct9umrMkZgC2OOGbM9/SjKLU2lg0g/iLdUiQoDmKbR7FXtVJCSWy/SQAt 5UOSq1NAJhST+dORN6AZcYE3+NKbkVPUAb0fXPq24gl8Tgz4PmEB9ZaJm/8vS0pc ucMVIdYqZN1lfgr4LJuxdNPXL+kdf0JwDO7uCXUoQXglwpRuTivaUXRRwFT61HyW hLcztccgFr7bNFItpQqvLTuocLFLT6lbg3D9U6PUYRDhgsX4PJw= =ZObV -----END PGP SIGNATURE-----