tiff (4.5.0-6+deb12u1) bookworm-security; urgency=high

  * Non-maintainer upload by the Security Team.
  * Fix a memory leak in tiffcrop (CVE-2023-3576)
  * Fix buffer overflows in tiffcp and raw2tiff (CVE-2023-40745,
    CVE-2023-41175)

 -- Aron Xu <aron@debian.org>  Thu, 23 Nov 2023 16:06:18 +0800

tiff (4.5.0-6) unstable; urgency=high

  * Backport security fix for CVE-2023-2731, NULL pointer dereference flaw in
    LZWDecode() (closes: #1036282).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 18 May 2023 18:20:39 +0200

tiff (4.5.0-5) unstable; urgency=high

  * Backport fix for tiffcrop correctly update buffersize after
    rotateImage().
  * Backport fix for TIFFClose() avoid NULL pointer dereferencing.
  * Backport security fix for CVE-2023-0800, CVE-2023-0801, CVE-2023-0802,
    CVE-2023-0803 and CVE-2023-0804, an out-of-bounds write in tiffcrop
    allows attackers to cause a denial-of-service via a crafted tiff file.
  * Backport security fix for CVE-2023-0795, CVE-2023-0796, CVE-2023-0797,
    CVE-2023-0798 and CVE-2023-0799, an out-of-bounds read in tiffcrop
    allows attackers to cause a denial-of-service via a crafted tiff file.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 19 Feb 2023 08:46:38 +0100

tiff (4.5.0-4) unstable; urgency=high

  * Backport security fix for CVE-2022-48281, heap-based buffer overflow in
    processCropSelections() (closes: #1029653).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 25 Jan 2023 18:28:55 +0100

tiff (4.5.0-3) unstable; urgency=medium

  * Don't use smartquotes for Sphinx (closes: #1028456).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 12 Jan 2023 17:45:09 +0100

tiff (4.5.0-2) unstable; urgency=medium

  * Upload to Sid.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 10 Jan 2023 23:02:27 +0100

tiff (4.5.0-1) experimental; urgency=medium

  * New upstream release.
  * Backport upstream fix to add a tif_config.h include.
  * Backport upstream fix for TIFFWriteDirectorySec(): avoid harmless
    unsigned integer overflow.
  * Backport upstream fix for TIFFSetDirectory(): avoid harmless unsigned
    integer overflow.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 17 Dec 2022 14:03:44 +0100

tiff (4.5.0~rc3+git221213-1) experimental; urgency=medium

  * New git snapshot release.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 14 Dec 2022 17:36:48 +0100

tiff (4.5.0~rc1+git221213-1) experimental; urgency=medium

  * New git snapshot release.
  * Update libtiff-dev dependency.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 13 Dec 2022 16:54:10 +0100

tiff (4.5.0~rc1-1) experimental; urgency=medium

  * New upstream release candidate version.
  * Library transition from libtiff{,xx}5 to libtiff{,xx}6.
  * Link common JavaScript files to packaged ones in libtiff-doc.
  * Update Standards-Version to 4.6.1.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 10 Dec 2022 10:16:36 +0100

tiff (4.4.0-6) unstable; urgency=high

  * Backport security fix for CVE-2022-2519, double free or corruption in
    rotateImage() (closes: #1024670).
  * Backport security fix for CVE-2022-2520, sysmalloc assertion fail in
    rotateImage().
  * Backport security fix for CVE-2022-2521, invalid pointer free operation
    in TIFFClose().
  * Backport security fix for CVE-2022-2953, out-of-bounds read in
    extractImageSection().
  * Backport security fix for CVE-2022-3970, fix (unsigned) integer overflow
    on strips/tiles > 2 GB in TIFFReadRGBATileExt() (closes: #1024737).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 24 Nov 2022 17:54:18 +0100

tiff (4.4.0-5) unstable; urgency=high

  * Backport security fix for CVE-2022-3597, CVE-2022-3626 and
    CVE-2022-3627, out of bounds write and denial of service via a crafted
    TIFF file.
  * Backport security fix for CVE-2022-3570, multiple heap buffer overflows
    via crafted TIFF file.
  * Backport security fix for CVE-2022-3599, denial-of-service via a crafted
    TIFF file.
  * Backport security fix for CVE-2022-3598, denial-of-service via a crafted
    TIFF file (closes: #1022555).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 23 Oct 2022 22:38:15 +0200

tiff (4.4.0-4) unstable; urgency=high

  * Backport security fix for CVE-2022-34526, denial of service via a
    crafted TIFF file.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 06 Aug 2022 15:19:15 +0200

tiff (4.4.0-3) unstable; urgency=high

  * Backport security fix for CVE-2022-2056, CVE-2022-2057 and
    CVE-2022-2058, divide by zero error in tiffcrop (closes: #1014494).
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Fri, 08 Jul 2022 19:02:43 +0200

tiff (4.4.0-2) unstable; urgency=medium

  * Adjust library symbols with LERC build architectures.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 30 May 2022 18:04:05 +0200

tiff (4.4.0-1) unstable; urgency=medium

  * New upstream release.
  * Backport upstream fix for adding 4.4.0 changes file to documentation.
  * Build with LERC compression support (closes: #990789).
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 29 May 2022 12:28:49 +0200

tiff (4.4.0~rc1-1) unstable; urgency=medium

  * New upstream release candidate version.
  * Update libtiff5 symbols.
  * Update watch file.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 21 May 2022 15:41:44 +0200

tiff (4.3.0-8) unstable; urgency=high

  * Backport correct security fix for CVE-2022-1355, stack buffer overflow
    in "mode" string (closes: #1011160).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 17 May 2022 21:38:14 +0200

tiff (4.3.0-7) unstable; urgency=high

  * Backport security fix for CVE-2022-1354, heap buffer overflow in
    TIFFReadRawDataStriped().
  * Fix segmentation fault printing GPS directory if Altitude tag is
    present.
  * Fix segmentation fault due to field_name=NULL.
  * Backport security fix for CVE-2022-1355, stack buffer overflow in "mode"
    string.
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 25 Apr 2022 22:24:06 +0200

tiff (4.3.0-6) unstable; urgency=high

  * Backport security fix for CVE-2022-0908, null source pointer passed as
    an argument to memcpy() function within TIFFFetchNormalTag().
  * Backport security fix for CVE-2022-0907, unchecked return value to null
    pointer dereference in tiffcrop.
  * Backport security fix for CVE-2022-0909, divide by zero error in
    tiffcrop.
  * Backport security fix for CVE-2022-0891, heap buffer overflow in
    ExtractImageSection function in tiffcrop.
  * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 13 Mar 2022 11:00:15 +0100

tiff (4.3.0-5) unstable; urgency=high

  * Backport security fix for CVE-2022-0865, crash when reading a file with
    multiple IFD in memory-mapped mode and when bit reversal is needed.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 07 Mar 2022 22:23:21 +0100

tiff (4.3.0-4) unstable; urgency=high

  * Backport security fix for CVE-2022-0561, TIFFFetchStripThing(): avoid
    calling memcpy() with a null source pointer and size of zero.
  * Backport security fix for CVE-2022-0562, TIFFReadDirectory(): avoid
    calling memcpy() with a null source pointer and size of zero.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 12 Feb 2022 21:21:45 +0100

tiff (4.3.0-3) unstable; urgency=high

  * Backport security fix for CVE-2022-22844: global-buffer-overflow for
    ASCII tags where count is required.

  [ Helmut Grohne <helmut@subdivi.de> ]
  * Drop unused Build-Depends: libxmu-dev (closes: #981265).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 26 Jan 2022 17:49:14 +0100

tiff (4.3.0-2) unstable; urgency=medium

  * Upload to Sid.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 05 Sep 2021 19:25:09 +0200

tiff (4.3.0-1) experimental; urgency=medium

  * New upstream release.
  * Remove libport_dummy_function@LIBTIFF_4.0 symbol as no longer part of
    the libraries.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 01 Jun 2021 08:19:06 +0200

tiff (4.2.0-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 21 Dec 2020 15:06:46 +0100

tiff (4.1.0+git201212-1) unstable; urgency=high

  * Git snapshot, fixing the following security issues:
    - TIFFSetupStrips: enforce 2GB limitation of Strip/Tile
      Offsets/ByteCounts arrays,
    - tiff2ps: fix heap buffer read overflow in PSDataColorContig(),
    - tiff2pdf: palette bound check in t2p_sample_realize_palette(),
    - tiffcrop: fix asan runtime error caused by integer promotion,
    - raw2tiff: avoid divide by zero,
    - tif_fax3.c: check buffer overflow in Fax4Decode(),
    - tif_fax3: better fix for CVE-2011-0192,
    - TIFFReadCustomDirectory(): fix potential heap buffer overflow when
      reading a custom directory, after a regular directory where a codec
      was active,
    - tif_fax3.h: check for buffer overflow in EXPAND2D before "calling"
      CLEANUP_RUNS(),
    - contrib/win_dib/tiff2dib: fix uninitialized variable: lpBits,
    - Fax3SetupState(): check consistency of rowbytes and rowpixels,
      potential heap overflow in tiff2pdf,
    - tiff2pdf: avoid divide by zero, use-after-free in t2p_writeproc()
      function,
    - tiffcp/tiff2pdf/tiff2ps: enforce maximum malloc size,
    - tif_fax3: more buffer overflow checks in Fax3Decode2D(),
    - tiffset: check memory allocation, use of allocated memory without
      null pointer check,
    - tiffdump: avoid unaligned memory access,
    - tiff2pdf: normalizePoint() macro to normalize the white point, avoid
      divide by zero,
    - tif_fax3: quit Fax3Decode2D() when a buffer overflow occurs,
    - tiffcrop: enforce memory allocation limit,
    - tiffinfo: fix dump of Tiled images, heap out of bounds read in
      TIFFReadRawData(),
    - Fax3PreDecode(): reset curruns and refruns state variables,
      heap-buffer-overflow in Fax3Decode2D(),
    - tif_fax3.h: extra buffer overflow checks, heap-buffer-overflow in
      Fax3Decode2D(),
    - TIFFStartStrip(): avoid potential crash in WebP codec when using
      scanline access on corrupted files,
    - gtTileContig(): check Tile width for overflow,
    - avoid buffer overflow while writing jpeg end of file marker,
    - tiff2ps.c: fix buffer overread, heap-buffer-overflow in PSDataBW(),
    - fix potential overflow in gtStripContig(),
    - more overflow fixes for large width,
    - enforce (configurable) memory limit in tiff2rgba,
    - tiff2pdf: enforce memory limit for tiled pictures,
    - tiffcrop: fix buffer overrun in extractContigSamples24bits().
  * Build with libdeflate support.
  * Update libtiff5 symbols.
  * Update debhelper level to 13.
  * Update Standards-Version to 4.5.1.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 13 Dec 2020 07:52:33 +0100

tiff (4.1.0+git191117-2) unstable; urgency=medium

  * Backport upstream fix for rowsperstrip parse regression in
    OJPEGReadHeaderInfo() (closes: #945402).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 08 Jan 2020 15:47:02 +0000

tiff (4.1.0+git191117-1) unstable; urgency=medium

  * Git snapshot, fixing the following issues:
    - missing TIFFClose in rgb2ycbcr tool,
    - missing checks on TIFFGetField in tiffcrop tool,
    - broken sanity check in OJPEG,
    - missing generated .sh files for tests.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 18 Nov 2019 18:02:46 +0000

tiff (4.1.0-1) unstable; urgency=medium

  * New upstream release.
  * Update Standards-Version to 4.4.1.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 05 Nov 2019 16:26:48 +0000

tiff (4.0.10+git191003-1) unstable; urgency=high

  * Git snapshot, fixing the following security issue:
    - TIFFReadAndRealloc(): avoid too large memory allocation attempts.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Thu, 03 Oct 2019 22:00:39 +0000

tiff (4.0.10+git190903-1) unstable; urgency=high

  * Git snapshot, fixing the following security issues:
    - setByteArray(): avoid potential signed integer overflow,
    - EstimateStripByteCounts(): avoid several unsigned integer overflows,
    - tif_ojpeg: avoid two unsigned integer overflows,
    - OJPEGWriteHeaderInfo(): avoid unsigned integer overflow on strile
      dimensions close to UINT32_MAX,
    - _TIFFPartialReadStripArray(): avoid unsigned integer overflow,
    - JPEG: avoid use of uninitialized memory on corrupted files,
    - TIFFFetchDirectory(): fix invalid cast from uint64 to tmsize_t,
    - allocChoppedUpStripArrays(): avoid unsigned integer overflow,
    - tif_ojpeg: avoid use of uninitialized memory on edge/broken file,
    - ByteCountLooksBad and EstimateStripByteCounts: avoid unsigned integer
      overflows.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 17 Sep 2019 22:07:35 +0000

tiff (4.0.10+git190818-1) unstable; urgency=high

  * Git snapshot, fixing the following security issues:
    - RGBA interface: fix integer overflow potentially causing write heap
      buffer overflow,
    - setByteArray(): avoid potential signed integer overflow.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 18 Aug 2019 11:25:27 +0000

tiff (4.0.10+git190814-1) unstable; urgency=high

  * Git snapshot, fixing the following security issues:
    - TryChopUpUncompressedBigTiff(): avoid potential division by zero,
    - fix vulnerability introduced by defer strile loading,
    - fix vulnerability in 'D' (DeferStrileLoad) mode,
    - return infinite distance when denominator is zero,
    - OJPEG: avoid use of uninitialized memory on corrupted files,
    - OJPEG: fix integer division by zero on corrupted subsampling factors,
    - OJPEGReadBufferFill(): avoid very long processing time on corrupted
      files,
    - TIFFClientOpen(): fix memory leak if one of the required callbacks is
      not provided,
    - CVE-2019-14973, fix integer overflow in _TIFFCheckMalloc() and other
      implementation-defined behaviour (closes: #934780).
  * Update libtiff5 symbols.
  * Update Standards-Version to 4.4.0.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 14 Aug 2019 19:24:22 +0000

# Older entries have been removed from this changelog.
# To read the complete changelog use `apt changelog libtiff-opengl`.