Publishing details

Changelog

tiff (4.0.3-7ubuntu0.11) trusty-security; urgency=medium

  * SECURITY UPDATE: heap over-read in TIFFWriteScanline
    - debian/patches/CVE-2018-10779.patch: fix overflow in
      libtiff/tif_write.c.
    - CVE-2018-10779
  * SECURITY UPDATE: heap over-read in cpSeparateBufToContigBuf
    - debian/patches/CVE-2018-12900-1.patch: check for overflow in
      tools/tiffcp.c.
    - debian/patches/CVE-2018-12900-2.patch: use INT_MAX in tools/tiffcp.c.
    - CVE-2018-12900
    - CVE-2019-7663
  * SECURITY UPDATE: NULL pointer dereference in _TIFFmemcmp
    - debian/patches/CVE-2018-17000.patch: add NULL check in
      libtiff/tif_dirwrite.c.
    - CVE-2018-17000
  * SECURITY UPDATE: NULL pointer dereference in TIFFWriteDirectorySec
    - debian/patches/CVE-2018-19210-1.patch: unset transferfunction field
      if necessary in libtiff/tif_dir.c.
    - debian/patches/CVE-2018-19210-2.patch: fix warning in
      libtiff/tif_dir.c.
    - CVE-2018-19210
  * SECURITY UPDATE: memory leak in TIFFFdOpen
    - debian/patches/CVE-2019-6128.patch: properly handle errors in
      tools/pal2rgb.c.
    - CVE-2019-6128

 -- Marc Deslauriers <email address hidden>  Mon, 11 Mar 2019 12:51:58 -0400

Available diffs

Builds

Built packages

Package files