tiff (4.5.0-6+deb12u1) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix a memory leak in tiffcrop (CVE-2023-3576)
  * Fix buffer overflows in tiffcp and raw2tiff
    (CVE-2023-40745, CVE-2023-41175)

 -- Aron Xu <aron@debian.org>  Thu, 23 Nov 2023 16:06:18 +0800

tiff (4.5.0-6) unstable; urgency=high

  * Backport security fix for CVE-2023-2731, NULL pointer dereference flaw in
    LZWDecode() (closes: #1036282).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 18 May 2023 18:20:39 +0200

tiff (4.5.0-5) unstable; urgency=high

  * Backport fix for tiffcrop correctly update buffersize after
    rotateImage() .
  * Backport fix for TIFFClose() avoid NULL pointer dereferencing.
  * Backport security fix for CVE-2023-0800, CVE-2023-0801, CVE-2023-0802,
    CVE-2023-0803 and CVE-2023-0804, an out-of-bounds write in tiffcrop
    allows attackers to cause a denial-of-service via a crafted tiff file.
  * Backport security fix for CVE-2023-0795, CVE-2023-0796, CVE-2023-0797,
    CVE-2023-0798 and CVE-2023-0799, an out-of-bounds read in tiffcrop allows
    attackers to cause a denial-of-service via a crafted tiff file.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 19 Feb 2023 08:46:38 +0100

tiff (4.5.0-4) unstable; urgency=high

  * Backport security fix for CVE-2022-48281, heap-based buffer overflow in
    processCropSelections() (closes: #1029653).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 25 Jan 2023 18:28:55 +0100

tiff (4.5.0-3) unstable; urgency=medium

  * Don't use smartquotes for Sphinx (closes: #1028456).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 12 Jan 2023 17:45:09 +0100

tiff (4.5.0-2) unstable; urgency=medium

  * Upload to Sid.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 10 Jan 2023 23:02:27 +0100

tiff (4.5.0-1) experimental; urgency=medium

  * New upstream release.
  * Backport upstream fix to add a tif_config.h include.
  * Backport upstream fix for TIFFWriteDirectorySec(): avoid harmless
    unsigned integer overflow.
  * Backport upstream fix for TIFFSetDirectory(): avoid harmless unsigned
    integer overflow.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 17 Dec 2022 14:03:44 +0100

tiff (4.5.0~rc3+git221213-1) experimental; urgency=medium

  * New git snapshot release.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 14 Dec 2022 17:36:48 +0100

tiff (4.5.0~rc1+git221213-1) experimental; urgency=medium

  * New git snapshot release.
  * Update libtiff-dev dependency.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 13 Dec 2022 16:54:10 +0100

tiff (4.5.0~rc1-1) experimental; urgency=medium

  * New upstream release candidate version.
  * Library transition from libtiff{,xx}5 to libtiff{,xx}6 .
  * Link common JavaScript files to packaged ones in libtiff-doc.
  * Update Standards-Version to 4.6.1 .

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 10 Dec 2022 10:16:36 +0100

tiff (4.4.0-6) unstable; urgency=high

  * Backport security fix for CVE-2022-2519, double free or corruption in
    rotateImage() (closes: #1024670).
  * Backport security fix for CVE-2022-2520, sysmalloc assertion fail in
    rotateImage().
  * Backport security fix for CVE-2022-2521, invalid pointer free operation
    in TIFFClose().
  * Backport security fix for CVE-2022-2953, out-of-bounds read in
    extractImageSection().
  * Backport security fix for CVE-2022-3970, fix (unsigned) integer overflow
    on strips/tiles > 2 GB in TIFFReadRGBATileExt() (closes: #1024737).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 24 Nov 2022 17:54:18 +0100

tiff (4.4.0-5) unstable; urgency=high

  * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627,
    out of bounds write and denial of service via a crafted TIFF file.
  * Backport security fix for CVE-2022-3570, multiple heap buffer overflows
    via crafted TIFF file.
  * Backport security fix for CVE-2022-3599, denial-of-service via a crafted
    TIFF file.
  * Backport security fix for CVE-2022-3598, denial-of-service via a crafted
    TIFF file (closes: #1022555).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 23 Oct 2022 22:38:15 +0200

tiff (4.4.0-4) unstable; urgency=high

  * Backport security fix for CVE-2022-34526, denial of service via a crafted
    TIFF file.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 06 Aug 2022 15:19:15 +0200

tiff (4.4.0-3) unstable; urgency=high

  * Backport security fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058,
    divide by zero error in tiffcrop (closes: #1014494).
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Fri, 08 Jul 2022 19:02:43 +0200

tiff (4.4.0-2) unstable; urgency=medium

  * Adjust library symbols with LERC build architectures.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 30 May 2022 18:04:05 +0200

tiff (4.4.0-1) unstable; urgency=medium

  * New upstream release.
  * Backport upstream fix for adding 4.4.0 changes file to documentation.
  * Build with LERC compression support (closes: #990789).
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 29 May 2022 12:28:49 +0200

tiff (4.4.0~rc1-1) unstable; urgency=medium

  * New upstream release candidate version.
  * Update libtiff5 symbols.
  * Update watch file.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 21 May 2022 15:41:44 +0200

tiff (4.3.0-8) unstable; urgency=high

  * Backport correct security fix for CVE-2022-1355, stack buffer overflow in
    "mode" string (closes: #1011160).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 17 May 2022 21:38:14 +0200

tiff (4.3.0-7) unstable; urgency=high

  * Backport security fix for CVE-2022-1354, heap buffer overflow in
    TIFFReadRawDataStriped().
  * Fix segmentation fault printing GPS directory if Altitude tag is present.
  * Fix segmentation fault due to field_name=NULL.
  * Backport security fix for CVE-2022-1355, stack buffer overflow in "mode"
    string.
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 25 Apr 2022 22:24:06 +0200

tiff (4.3.0-6) unstable; urgency=high

  * Backport security fix for CVE-2022-0908, null source pointer passed as an
    argument to memcpy() function within TIFFFetchNormalTag().
  * Backport security fix for CVE-2022-0907, unchecked return value to null
    pointer dereference in tiffcrop.
  * Backport security fix for CVE-2022-0909, divide by zero error in
    tiffcrop.
  * Backport security fix for CVE-2022-0891, heap buffer overflow in
    ExtractImageSection function in tiffcrop.
  * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 13 Mar 2022 11:00:15 +0100

tiff (4.3.0-5) unstable; urgency=high

  * Backport security fix for CVE-2022-0865, crash when reading a file with
    multiple IFD in memory-mapped mode and when bit reversal is needed.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 07 Mar 2022 22:23:21 +0100

tiff (4.3.0-4) unstable; urgency=high

  * Backport security fix for CVE-2022-0561, TIFFFetchStripThing(): avoid
    calling memcpy() with a null source pointer and size of zero.
  * Backport security fix for CVE-2022-0562, TIFFReadDirectory(): avoid
    calling memcpy() with a null source pointer and size of zero.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 12 Feb 2022 21:21:45 +0100

tiff (4.3.0-3) unstable; urgency=high

  * Backport security fix for CVE-2022-22844: global-buffer-overflow for
    ASCII tags where count is required.

  [ Helmut Grohne <helmut@subdivi.de> ]
  * Drop unused Build-Depends: libxmu-dev (closes: #981265).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 26 Jan 2022 17:49:14 +0100

tiff (4.3.0-2) unstable; urgency=medium

  * Upload to Sid.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 05 Sep 2021 19:25:09 +0200

tiff (4.3.0-1) experimental; urgency=medium

  * New upstream release.
  * Remove libport_dummy_function@LIBTIFF_4.0 symbol as no longer part of
    the libraries.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 01 Jun 2021 08:19:06 +0200

tiff (4.2.0-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 21 Dec 2020 15:06:46 +0100

tiff (4.1.0+git201212-1) unstable; urgency=high

  * Git snapshot, fixing the following security issues:
    - TIFFSetupStrips: enforce 2GB limitation of
      Strip/Tile Offsets/ByteCounts arrays,
    - tiff2ps: fix heap buffer read overflow in PSDataColorContig() ,
    - tiff2pdf: palette bound check in t2p_sample_realize_palette() ,
    - tiffcrop: fix asan runtime error caused by integer promotion,
    - raw2tiff: avoid divide by zero,
    - tif_fax3.c: check buffer overflow in Fax4Decode() ,
    - tif_fax3: better fix for CVE-2011-0192,
    - TIFFReadCustomDirectory(): fix potential heap buffer overflow when
      reading a custom directory, after a regular directory where a codec was
      active,
    - tif_fax3.h: check for buffer overflow in EXPAND2D before "calling"
      CLEANUP_RUNS() ,
    - contrib/win_dib/tiff2dib: fix uninitialized variable: lpBits,
    - Fax3SetupState(): check consistency of rowbytes and rowpixels,
      potential heap overflow in tiff2pdf,
    - tiff2pdf: avoid divide by zero, use-after-free in t2p_writeproc()
      function,
    - tiffcp/tiff2pdf/tiff2ps: enforce maximum malloc size,
    - tif_fax3: more buffer overflow checks in Fax3Decode2D() ,
    - tiffset: check memory allocation, use of allocated memory without null
      pointer check,
    - tiffdump: avoid unaligned memory access,
    - tiff2pdf: normalizePoint() macro to normalize the white point, avoid
      divide by zero,
    - tif_fax3: quit Fax3Decode2D() when a buffer overflow occurs,
    - tiffcrop: enforce memory allocation limit,
    - tiffinfo: fix dump of Tiled images, heap out of bounds read in
      TIFFReadRawData() ,
    - Fax3PreDecode(): reset curruns and refruns state variables,
      heap-buffer-overflow in Fax3Decode2D() ,
    - tif_fax3.h: extra buffer overflow checks, heap-buffer-overflow in
      Fax3Decode2D() ,
    - TIFFStartStrip(): avoid potential crash in WebP codec when using
      scanline access on corrupted files,
    - gtTileContig(): check Tile width for overflow,
    - avoid buffer overflow while writing jpeg end of file marker,
    - tiff2ps.c: fix buffer overread, heap-buffer-overflow in PSDataBW() ,
    - fix potential overflow in gtStripContig() ,
    - more overflow fixes for large width,
    - enforce (configurable) memory limit in tiff2rgba,
    - tiff2pdf: enforce memory limit for tiled pictures,
    - tiffcrop: fix buffer overrun in extractContigSamples24bits() .
  * Build with libdeflate support.
  * Update libtiff5 symbols.
  * Update debhelper level to 13 .
  * Update Standards-Version to 4.5.1 .

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 13 Dec 2020 07:52:33 +0100

tiff (4.1.0+git191117-2) unstable; urgency=medium

  * Backport upstream fix for rowsperstrip parse regression in
    OJPEGReadHeaderInfo() (closes: #945402).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 08 Jan 2020 15:47:02 +0000

tiff (4.1.0+git191117-1) unstable; urgency=medium

  * Git snapshot, fixing the following issues:
    - missing TIFFClose in rgb2ycbcr tool,
    - missing checks on TIFFGetField in tiffcrop tool,
    - broken sanity check in OJPEG,
    - missing generated .sh files for tests.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 18 Nov 2019 18:02:46 +0000

tiff (4.1.0-1) unstable; urgency=medium

  * New upstream release.
  * Update Standards-Version to 4.4.1 .

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 05 Nov 2019 16:26:48 +0000

tiff (4.0.10+git191003-1) unstable; urgency=high

  * Git snapshot, fixing the following security issue:
    - TIFFReadAndRealloc(): avoid too large memory allocation attempts.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 03 Oct 2019 22:00:39 +0000

tiff (4.0.10+git190903-1) unstable; urgency=high

  * Git snapshot, fixing the following security issues:
    - setByteArray(): avoid potential signed integer overflow,
    - EstimateStripByteCounts(): avoid several unsigned integer overflows,
    - tif_ojpeg: avoid two unsigned integer overflows,
    - OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile
      dimensions close to UINT32_MAX,
    - _TIFFPartialReadStripArray(): avoid unsigned integer overflow,
    - JPEG: avoid use of uninitialized memory on corrupted files,
    - TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t,
    - allocChoppedUpStripArrays(): avoid unsigned integer overflow,
    - tif_ojpeg: avoid use of uninitialized memory on edge/broken file,
    - ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer
      overflows.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 17 Sep 2019 22:07:35 +0000

tiff (4.0.10+git190818-1) unstable; urgency=high

  * Git snapshot, fixing the following security issues:
    - RGBA interface: fix integer overflow potentially causing write heap
      buffer overflow,
    - setByteArray(): avoid potential signed integer overflow.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 18 Aug 2019 11:25:27 +0000

tiff (4.0.10+git190814-1) unstable; urgency=high

  * Git snapshot, fixing the following security issues:
    - TryChopUpUncompressedBigTiff(): avoid potential division by zero,
    - fix vulnerability introduced by defer strile loading,
    - fix vulnerability in 'D' (DeferStrileLoad) mode,
    - return infinite distance when denominator is zero,
    - OJPEG: avoid use of uninitialized memory on corrupted files,
    - OJPEG: fix integer division by zero on corrupted subsampling factors,
    - OJPEGReadBufferFill(): avoid very long processing time on corrupted
      files,
    - TIFFClientOpen(): fix memory leak if one of the required callbacks is
      not provided,
    - CVE-2019-14973, fix integer overflow in _TIFFCheckMalloc() and other
      implementation-defined behaviour (closes: #934780).
  * Update libtiff5 symbols.
  * Update Standards-Version to 4.4.0 .

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 14 Aug 2019 19:24:22 +0000

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libtiff-opengl`.

Generated by dwww version 1.15 on Sat May 18 08:16:46 CEST 2024.