-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 13 Jun 2017 12:34:25 +0200 Source: tiff Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc Architecture: source all amd64 Version: 4.0.2-6+deb7u14 Distribution: wheezy-security Urgency: medium Maintainer: Ondřej Surý <ond...@debian.org> Changed-By: Raphaël Hertzog <hert...@debian.org> Description: libtiff-doc - TIFF manipulation and conversion documentation libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil libtiff5-dev - Tag Image File Format library (TIFF), development files libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.0.2-6+deb7u14) wheezy-security; urgency=medium . * Non-maintainer upload by the Debian LTS team. * Switch to upstream-provided patch to fix the numerous CVE related to _TIFFVGetField(). Drop 0042-Make-more-tag-fields-known-to-TIFFReadDirectoryFindF.patch and 0063-Handle-properly-CODEC-specific-tags.patch and replace them with CVE-2016-10095_CVE-2017-9147.patch Fixes CVE-2016-10095 and CVE-2017-9147 (on top of the older similar CVE). * CVE-2017-9403: Fix memory leak in TIFFReadDirEntryLong8Array. * CVE-2017-9404: Fix multiple memory leaks in tif_ojpeg.c. Checksums-Sha1: 37bf2488fa5a3b5247185247944fc008bf85c772 1900 tiff_4.0.2-6+deb7u14.dsc 51083a0ce8a6355a8cdec41f43b0b75c3dab6f7c 75992 tiff_4.0.2-6+deb7u14.debian.tar.gz 175ccd9b18251d3bee021f5ad5ca1fbdeae1356c 416086 libtiff-doc_4.0.2-6+deb7u14_all.deb dc2cde6a3e09bfd25f39b86d2d189546514d3867 239614 libtiff5_4.0.2-6+deb7u14_amd64.deb 440cb19c1041882b3ec37d753b2e27bdb7e67735 77038 libtiffxx5_4.0.2-6+deb7u14_amd64.deb dd3efaebddb66906987f621b83e58e81f571bab5 382090 libtiff5-dev_4.0.2-6+deb7u14_amd64.deb ffae572f1d224004ea83c79ad0d6c3dbbf2f627f 302268 libtiff5-alt-dev_4.0.2-6+deb7u14_amd64.deb 864a8543f0494eaa2beb8faceb933208c3529b08 307594 libtiff-tools_4.0.2-6+deb7u14_amd64.deb 4fb9c44538cf263c5b573315fe42ed504cabb124 82532 libtiff-opengl_4.0.2-6+deb7u14_amd64.deb Checksums-Sha256: 5d7b13b97f6aa419d7dfef834c0015af4319669a7992f42ab4ef3a5d11da25de 1900 tiff_4.0.2-6+deb7u14.dsc af80efcf040ed4573ed7565a3de63c1edd939d93af1bce5e71df944bfff96729 75992 tiff_4.0.2-6+deb7u14.debian.tar.gz aa0b5dc55ea74cedca1b47cbb532359d8b95dafd43c4e5fab13944828e70ef0d 416086 libtiff-doc_4.0.2-6+deb7u14_all.deb 82cc9a44a9b9c0503fc3c14651d5a9ff3c69f89252b8b5cbb5ec3af37af4959e 239614 libtiff5_4.0.2-6+deb7u14_amd64.deb 891767c717809e64aa70f5571483f97a85a4767094bc8708d797b393e6065bfd 77038 libtiffxx5_4.0.2-6+deb7u14_amd64.deb 869b0f7db9f90bf2a0444b932ddac003e8f201d556880dd2f284a3158594721c 382090 libtiff5-dev_4.0.2-6+deb7u14_amd64.deb 9cda711aaf95ed5e0de010791fa89b8da2137db902ca4f5386f1ee4a374998d9 302268 libtiff5-alt-dev_4.0.2-6+deb7u14_amd64.deb 5240fd480022830032d6ca86577f369a13e10606bf179c906797683097931a10 307594 libtiff-tools_4.0.2-6+deb7u14_amd64.deb c08c1cc438bc03ed994fdb57b9cd948d0508ba8f94e54a7bb0b043d29346748e 82532 libtiff-opengl_4.0.2-6+deb7u14_amd64.deb Files: 1cf95e261b719a11fa5cb215fad631d8 1900 libs optional tiff_4.0.2-6+deb7u14.dsc be601b2542351d048029aeaf101394ab 75992 libs optional tiff_4.0.2-6+deb7u14.debian.tar.gz 9764958ff6f27d63d496002154390599 416086 doc optional libtiff-doc_4.0.2-6+deb7u14_all.deb cf1c0d191e32e50e7b324e7e6f2360f6 239614 libs optional libtiff5_4.0.2-6+deb7u14_amd64.deb 1faf607cc4e954551132a40849d4db8f 77038 libs optional libtiffxx5_4.0.2-6+deb7u14_amd64.deb d52da03939a062b444ecbbfe5f18ce95 382090 libdevel optional libtiff5-dev_4.0.2-6+deb7u14_amd64.deb 31994329c9a593589e303905c3c0e2d0 302268 libdevel optional libtiff5-alt-dev_4.0.2-6+deb7u14_amd64.deb 7157c8a27f2fdea9cb44d7b273264e02 307594 graphics optional libtiff-tools_4.0.2-6+deb7u14_amd64.deb 33be8002ec5c9eb53fa9197a1ef24c4a 82532 graphics optional libtiff-opengl_4.0.2-6+deb7u14_amd64.deb
-----BEGIN PGP SIGNATURE----- Comment: Signed by Raphael Hertzog iQEzBAEBCgAdFiEE1823g1EQnhJ1LsbSA4gdq+vCmrkFAlk/8F0ACgkQA4gdq+vC mrl9Iwf/bK0LaIfReGtArlsDn9wq9vXVkmmveHeJgrKzxRyXKIlJ7JEJ7ynmY8ry yEUj/4+bAO3RinQOKmedNpn+gdKCwqiSlUqJ2D4TZFb+7d0RHzB4HPlSrOOuLGcG vdl1NdLXY2/2OMCvenkAW4uOOs/t67FelR6/X++r23xFOFdOlAn/1Vrjugis1IO0 fHyBRQ59/cZhhAiARwQM/lpD+gbOu32ZvCsMN5oqoFqIVttSiCj+R+utmN7UDu9H E6RQaItzOBJHCMbjDJXi2UzUFSgjhTXWt2yAGpqxkK3mpo8BYGBp07x5pyNxsUht NySve1EXqikQjP8hDZ17ORPtCezdgw== =639K -----END PGP SIGNATURE-----