Remaining differences with tiff from Debian unstable:
* Merge from Debian unstable (LP #1997278). Also we take Debian's security
fixes for the recent CVEs, except for CVE-2022-2519_2520_2521_2953.patch
which is not included in Debian, at least as of now.
* Don't build with LERC on i386 because it requires numpy (Closes:
#1017958)
In summary, we are adapting Debian's security fixes, and adding in our
CVE-2022-2519_2520_2521_2953.patch as well, since they don't have in
Debian yet (I'll see about opening a bug report with them on whether
they want to add this patch as well), and we also don't build with LERC
on i386 (Debian folks weren't interested in taking this).
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-2519
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to tiff in Ubuntu.
https://bugs.launchpad.net/bugs/1997278
Title:
Merge tiff 4.4.0-5 (main) from Debian unstable (main)
Status in tiff package in Ubuntu:
In Progress
Bug description:
Please merge tiff 4.4.0-5 (main) from Debian unstable (main)
Changelog entries since current kinetic version 4.4.0-4ubuntu3:
tiff (4.4.0-5) unstable; urgency=high
* Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627,
out of bounds write and denial of service via a crafted TIFF file.
* Backport security fix for CVE-2022-3570, multiple heap buffer overflows
via crafted TIFF file.
* Backport security fix for CVE-2022-3599, denial-of-service via a crafted
TIFF file.
* Backport security fix for CVE-2022-3598, denial-of-service via a crafted
TIFF file (closes: #1022555).
-- Laszlo Boszormenyi (GCS) <g...@debian.org> Sun, 23 Oct 2022
22:38:15 +0200
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1997278/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
