Change log for tiff package in Ubuntu

175 of 280 results
Published in plucky-release
Published in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
tiff (4.5.1+git230720-4ubuntu4) oracular; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-7006.patch: adds check for the return value
      of _TIFFCreateAnonField() to handle potential NULL pointers in
      libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
    - CVE-2024-7006

 -- Ian Constantin <email address hidden>  Thu, 05 Sep 2024 16:59:32 +0300
Published in focal-updates
Published in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.14) focal-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-7006.patch: adds check for the return value
      of _TIFFCreateAnonField() to handle potential NULL pointers in
      libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
    - CVE-2024-7006

 -- Ian Constantin <email address hidden>  Thu, 05 Sep 2024 16:59:45 +0300
Published in jammy-updates
Published in jammy-security
tiff (4.3.0-6ubuntu0.10) jammy-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-7006.patch: adds check for the return value
      of _TIFFCreateAnonField() to handle potential NULL pointers in
      libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
    - CVE-2024-7006

 -- Ian Constantin <email address hidden>  Thu, 05 Sep 2024 16:59:39 +0300
Published in noble-updates
Published in noble-security
tiff (4.5.1+git230720-4ubuntu2.2) noble-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2024-7006.patch: adds check for the return value
      of _TIFFCreateAnonField() to handle potential NULL pointers in
      libtiff/tif_dirinfo.c and libtiff/tif_dirread.c.
    - CVE-2024-7006

 -- Ian Constantin <email address hidden>  Thu, 05 Sep 2024 16:59:36 +0300
Superseded in oracular-release
Deleted in oracular-proposed (Reason: Moved to oracular)
tiff (4.5.1+git230720-4ubuntu3) oracular; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden>  Thu, 30 May 2024 13:55:08 +1000
Superseded in noble-updates
Superseded in noble-security
tiff (4.5.1+git230720-4ubuntu2.1) noble-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden>  Wed, 29 May 2024 15:09:58 +1000
Published in mantic-updates
Published in mantic-security
tiff (4.5.1+git230720-1ubuntu1.2) mantic-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden>  Wed, 29 May 2024 15:09:26 +1000
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.13) focal-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden>  Mon, 27 May 2024 13:22:12 +1000
Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.9) jammy-security; urgency=medium

  * SECURITY UPDATE: heap buffer overflow in tiffcrop.c
    - debian/patches/CVE-2023-3164.patch: heap buffer overflow in tiffcrop.c
    - CVE-2023-3164

 -- Bruce Cable <email address hidden>  Wed, 29 May 2024 12:08:52 +1000
Superseded in oracular-release
Published in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
tiff (4.5.1+git230720-4ubuntu2) noble; urgency=medium

  * No-change rebuild for CVE-2024-3094

 -- Steve Langasek <email address hidden>  Sun, 31 Mar 2024 08:28:11 +0000
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
tiff (4.5.1+git230720-4ubuntu1) noble; urgency=medium

  * Merge with Debian. Remaining change:
    - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
  * SECURITY UPDATE: heap based buffer overflow
    - debian/patches/CVE-2023-6228.patch: add check for codec configuration
      in tools/tiffcp.c.
    - CVE-2023-6228
  * SECURITY UPDATE: out-of-bounds read in tiffcrop
    - debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
      function extractImageSection in tools/tiffcrop.c.
    - CVE-2023-1916

Superseded in mantic-updates
Superseded in mantic-security
tiff (4.5.1+git230720-1ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow
    - debian/patches/CVE-2023-6228.patch: add check for codec configuration
      in tools/tiffcp.c.
    - CVE-2023-6228
  * SECURITY UPDATE: memory exhaustion
    - debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
      memory being greater than filesize in libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-2.patch: add an extra check for above
      condition, to only do it for a defined large request in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
      it for a defined large request in more methods in libtiff/tif_dirread.c.
    - CVE-2023-6277
  * SECURITY UPDATE: segmentation fault
    - debian/patches/CVE-2023-52356.patch: add row and column check based
      on image sizes in libtiff/tif_getimage.c.
    - CVE-2023-52356

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 09 Feb 2024 18:47:50 -0300
Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.8) jammy-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow
    - debian/patches/CVE-2023-6228.patch: add check for codec configuration
      in tools/tiffcp.c.
    - CVE-2023-6228
  * SECURITY UPDATE: memory exhaustion
    - debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
      memory being greater than filesize in libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-2.patch: add an extra check for above
      condition, to only do it for a defined large request in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
      it for a defined large request in more methods in libtiff/tif_dirread.c.
    - CVE-2023-6277
  * SECURITY UPDATE: segmentation fault
    - debian/patches/CVE-2023-52356.patch: add row and column check based
      on image sizes in libtiff/tif_getimage.c.
    - CVE-2023-52356

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 09 Feb 2024 18:02:38 -0300
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.12) focal-security; urgency=medium

  * SECURITY UPDATE: heap based buffer overflow
    - debian/patches/CVE-2023-6228.patch: add check for codec configuration
      in tools/tiffcp.c.
    - CVE-2023-6228
  * SECURITY UPDATE: memory exhaustion
    - debian/patches/CVE-2023-6277-1.patch: add multiple checks for requested
      memory being greater than filesize in libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-2.patch: add an extra check for above
      condition, to only do it for a defined large request in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-3.patch: remove one of the checks in
      libtiff/tif_dirread.c.
    - debian/patches/CVE-2023-6277-4.patch: add the extra check, to only do
      it for a defined large request in more methods in libtiff/tif_dirread.c.
    - CVE-2023-6277
  * SECURITY UPDATE: segmentation fault
    - debian/patches/CVE-2023-52356.patch: add row and column check based
      on image sizes in libtiff/tif_getimage.c.
    - CVE-2023-52356

 -- Rodrigo Figueiredo Zaiden <email address hidden>  Fri, 09 Feb 2024 16:43:26 -0300
Deleted in noble-updates (Reason: superseded by release)
Superseded in noble-release
Deleted in noble-proposed (Reason: Moved to noble)
tiff (4.5.1+git230720-3ubuntu1) noble; urgency=medium

  * Merge with Debian. Remaining change:
    - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)

Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.11) focal-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-40090.patch: Improved IFD-Loop Handling.
    - CVE-2022-40090
  * SECURITY UPDATE: memory leak
    - debian/patches/CVE-2023-3576.patch: Fix memory leak in tiffcrop.c.
    - CVE-2023-3576

 -- Fabian Toepfer <email address hidden>  Thu, 23 Nov 2023 14:41:23 +0100
Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.7) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2022-40090.patch: Improved IFD-Loop Handling.
    - CVE-2022-40090
  * SECURITY UPDATE: memory leak
    - debian/patches/CVE-2023-3576.patch: Fix memory leak in tiffcrop.c.
    - CVE-2023-3576

 -- Fabian Toepfer <email address hidden>  Thu, 23 Nov 2023 14:39:56 +0100
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.10) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
      function extractImageSection
    - CVE-2023-1916

 -- Nishit Majithia <email address hidden>  Tue, 10 Oct 2023 15:58:04 +0530
Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.6) jammy-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
      function extractImageSection
    - CVE-2023-1916

 -- Nishit Majithia <email address hidden>  Tue, 10 Oct 2023 15:57:39 +0530
Published in lunar-updates
Published in lunar-security
tiff (4.5.0-5ubuntu1.2) lunar-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read
    - debian/patches/CVE-2023-1916.patch: Fix heap-buffer-overflow in
      function extractImageSection
    - CVE-2023-1916

 -- Nishit Majithia <email address hidden>  Tue, 10 Oct 2023 15:54:39 +0530
Superseded in noble-release
Published in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
tiff (4.5.1+git230720-1ubuntu1) mantic; urgency=medium

  * Merge with Debian. Remaining change:
    - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)

Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.5) jammy-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-48281.patch: correct simple copy paste error in
      tiffcrop.c.
    - CVE-2022-48281
  * SECURITY UPDATE: NULL pointer dereference
    - d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
      undefined behavior in tif_dir.c.
    - CVE-2023-2908
  * SECURITY UPDATE: NULL pointer dereference
    - d/p/0002-TIFFClose-avoid-NULL-pointer-dereferencing.-fix-515.patch: avoid
      NULL pointer dereferencing in tif_close.c.
    - CVE-2023-3316
  * SECURITY UPDATE: buffer overflow
    - d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
      return of writeSelections() in tiffcrop.c.
    - CVE-2023-3618
  * SECURITY UPDATE: heap-based buffer overflow
    - d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
      correctly update buffersize after rotateImage() and enlarge buffsize and
      check integer overflow within rotateImage() in tiffcrop.c.
    - CVE-2023-25433
  * SECURITY UPDATE: Use after free
    - d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
      not reuse input buffer for subsequent images in tiffcrop.c.
    - CVE-2023-26965
  * SECURITY UPDATE: buffer overflow
    - d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
      and correct for NaN data in uv_encode() in tif_luv.c.
    - CVE-2023-26966
  * SECURITY UPDATE: Integer overflow
    - d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
      memory corruption (overflow) in tiffcp.c.
    - CVE-2023-38288
  * SECURITY UPDATE: Integer overflow
    - d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
      integer overflow and bypass of the check in raw2tiff.c.
    - CVE-2023-38289

 -- Fabian Toepfer <email address hidden>  Mon, 07 Aug 2023 17:56:53 +0200
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.9) focal-security; urgency=medium

  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-48281.patch: correct simple copy paste error in
      tiffcrop.c.
    - CVE-2022-48281
  * SECURITY UPDATE: NULL pointer dereference
    - d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
      undefined behavior in tif_dir.c.
    - CVE-2023-2908
  * SECURITY UPDATE: NULL pointer dereference
    - d/p/0002-TIFFClose-avoid-NULL-pointer-dereferencing.-fix-515.patch: avoid
      NULL pointer dereferencing in tif_close.c.
    - CVE-2023-3316
  * SECURITY UPDATE: buffer overflow
    - d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
      return of writeSelections() in tiffcrop.c.
    - CVE-2023-3618
  * SECURITY UPDATE: heap-based buffer overflow
    - d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
      correctly update buffersize after rotateImage() and enlarge buffsize and
      check integer overflow within rotateImage() in tiffcrop.c.
    - CVE-2023-25433
  * SECURITY UPDATE: Use after free
    - d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
      not reuse input buffer for subsequent images in tiffcrop.c.
    - CVE-2023-26965
  * SECURITY UPDATE: buffer overflow
    - d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
      and correct for NaN data in uv_encode() in tif_luv.c.
    - CVE-2023-26966
  * SECURITY UPDATE: Integer overflow
    - d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
      memory corruption (overflow) in tiffcp.c.
    - CVE-2023-38288
  * SECURITY UPDATE: Integer overflow
    - d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
      integer overflow and bypass of the check in raw2tiff.c.
    - CVE-2023-38289

 -- Fabian Toepfer <email address hidden>  Mon, 07 Aug 2023 19:14:34 +0200
Superseded in lunar-updates
Superseded in lunar-security
tiff (4.5.0-5ubuntu1.1) lunar-security; urgency=medium

  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2023-2731.patch: avoid crash when trying to read again
      from a strip with a missing end-of-information marker in tif_lzw.c.
    - CVE-2023-2731
  * SECURITY UPDATE: NULL pointer dereference
    - d/p/0001-countInkNamesString-fix-UndefinedBehaviorSanitizer-a.patch: Fix
      undefined behavior in tif_dir.c.
    - CVE-2023-2908
  * SECURITY UPDATE: buffer overflow
    - d/p/0003-Consider-error-return-of-writeSelections.patch: Consider error
      return of writeSelections() in tiffcrop.c.
    - CVE-2023-3618
  * SECURITY UPDATE: heap-based buffer overflow
    - d/p/0004-tiffcrop-correctly-update-buffersize-after-rotateIma.patch:
      correctly update buffersize after rotateImage() and enlarge buffsize and
      check integer overflow within rotateImage() in tiffcrop.c.
    - CVE-2023-25433
  * SECURITY UPDATE: Use after free
    - d/p/0005-tiffcrop-Do-not-reuse-input-buffer-for-subsequent-im.patch: Do
      not reuse input buffer for subsequent images in tiffcrop.c.
    - CVE-2023-26965
  * SECURITY UPDATE: buffer overflow
    - d/p/0006-tif_luv-Check-and-correct-for-NaN-data-in-uv_encode.patch: Check
      and correct for NaN data in uv_encode() in tif_luv.c.
    - CVE-2023-26966
  * SECURITY UPDATE: Integer overflow
    - d/p/0007-tiffcp-fix-memory-corruption-overflow-on-hostile-ima.patch: fix
      memory corruption (overflow) in tiffcp.c.
    - CVE-2023-38288
  * SECURITY UPDATE: Integer overflow
    - d/p/0008-raw2tiff-fix-integer-overflow-and-bypass-of-the-chec.patch: fix
      integer overflow and bypass of the check in raw2tiff.c.
    - CVE-2023-38289

 -- Fabian Toepfer <email address hidden>  Mon, 07 Aug 2023 19:51:46 +0200
Superseded in mantic-release
Deleted in mantic-proposed (Reason: Moved to mantic)
tiff (4.5.0-6ubuntu1) mantic; urgency=medium

  * Merge from Debian unstable (LP: #2020707).  Remaining changes:
    - Don't build with LERC on i386 because it requires numpy
      (Closes: #1017958)

Available diffs

Superseded in mantic-release
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
tiff (4.5.0-5ubuntu1) lunar; urgency=high

  * Merge from Debian unstable. Remaining differences:
    - Don't build with LERC on i386 because it requires numpy
      (Closes: #1017958, LP: #2012540)

Available diffs

Published in bionic-updates
Published in bionic-security
tiff (4.0.9-5ubuntu0.10) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds reads
    - debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
      input image width and length parameters when only cropped image sections
      are rotated in tiffcrop.c.
    - CVE-2023-0795
    - CVE-2023-0796
    - CVE-2023-0797
    - CVE-2023-0798
    - CVE-2023-0799
  * SECURITY UPDATE: out-of-bounds writes
    - debian/patches/CVE-2023-0800.patch: added check for assumption on
      composite images in tiffcrop.c.
    - CVE-2023-0800
    - CVE-2023-0801
    - CVE-2023-0802
    - CVE-2023-0803
    - CVE-2023-0804

 -- Fabian Toepfer <email address hidden>  Fri, 03 Mar 2023 17:24:30 +0100
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.8) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds reads
    - debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
      input image width and length parameters when only cropped image sections
      are rotated in tiffcrop.c.
    - CVE-2023-0795
    - CVE-2023-0796
    - CVE-2023-0797
    - CVE-2023-0798
    - CVE-2023-0799
  * SECURITY UPDATE: out-of-bounds writes
    - debian/patches/CVE-2023-0800.patch: added check for assumption on
      composite images in tiffcrop.c.
    - CVE-2023-0800
    - CVE-2023-0801
    - CVE-2023-0802
    - CVE-2023-0803
    - CVE-2023-0804

 -- Fabian Toepfer <email address hidden>  Fri, 03 Mar 2023 17:20:24 +0100
Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.4) jammy-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds reads
    - debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
      input image width and length parameters when only cropped image sections
      are rotated in tiffcrop.c.
    - CVE-2023-0795
    - CVE-2023-0796
    - CVE-2023-0797
    - CVE-2023-0798
    - CVE-2023-0799
  * SECURITY UPDATE: out-of-bounds writes
    - debian/patches/CVE-2023-0800.patch: added check for assumption on
      composite images in tiffcrop.c.
    - CVE-2023-0800
    - CVE-2023-0801
    - CVE-2023-0802
    - CVE-2023-0803
    - CVE-2023-0804

 -- Fabian Toepfer <email address hidden>  Fri, 03 Mar 2023 17:17:55 +0100
Obsolete in kinetic-updates
Obsolete in kinetic-security
tiff (4.4.0-4ubuntu3.3) kinetic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds reads
    - debian/patches/CVE-2023-0795.patch: Amend rotateImage() not to toggle the
      input image width and length parameters when only cropped image sections
      are rotated in tiffcrop.c.
    - CVE-2023-0795
    - CVE-2023-0796
    - CVE-2023-0797
    - CVE-2023-0798
    - CVE-2023-0799
  * SECURITY UPDATE: out-of-bounds writes
    - debian/patches/CVE-2023-0800.patch: added check for assumption on
      composite images in tiffcrop.c.
    - CVE-2023-0800
    - CVE-2023-0801
    - CVE-2023-0802
    - CVE-2023-0803
    - CVE-2023-0804

 -- Fabian Toepfer <email address hidden>  Fri, 03 Mar 2023 16:44:34 +0100
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
tiff (4.5.0-4ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable. Remaining differences:
    - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)

Available diffs

Superseded in kinetic-updates
Superseded in kinetic-security
tiff (4.4.0-4ubuntu3.2) kinetic-security; urgency=critical

  * Backport security fix for CVE-2022-3970, fix (unsigned) integer overflow
    on strips/tiles > 2 GB in TIFFReadRGBATileExt() (closes: #1024737).

 -- Rico Tzschichholz <email address hidden>  Wed, 30 Nov 2022 16:24:00 +0100
Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.3) jammy-security; urgency=medium

  * SECURITY UPDATE: unsigned integer overflow
    - debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
      TIFFReadRGBATile function in libtiff/tif_getimage.c.
    - CVE-2022-3970

 -- David Fernandez Gonzalez <email address hidden>  Thu, 01 Dec 2022 10:12:53 +0100
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.7) focal-security; urgency=medium

  * SECURITY UPDATE: unsigned integer overflow
    - debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
      TIFFReadRGBATile function in libtiff/tif_getimage.c.
    - CVE-2022-3970

 -- David Fernandez Gonzalez <email address hidden>  Thu, 01 Dec 2022 11:00:12 +0100
Superseded in bionic-updates
Superseded in bionic-security
tiff (4.0.9-5ubuntu0.9) bionic-security; urgency=medium

  * SECURITY UPDATE: unsigned integer overflow
    - debian/patches/CVE-2022-3970.patch: adds size_t type casts in the
      TIFFReadRGBATile function in libtiff/tif_getimage.c.
    - CVE-2022-3970

 -- David Fernandez Gonzalez <email address hidden>  Thu, 01 Dec 2022 10:22:37 +0100
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
tiff (4.4.0-6ubuntu1) lunar; urgency=critical

  * Merge from Debian unstable. Remaining differences:
    - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)

Superseded in lunar-proposed
tiff (4.4.0-5ubuntu2) lunar; urgency=medium

  * Update symbols file for i386 where we build without LERC

Available diffs

Superseded in lunar-proposed
tiff (4.4.0-5ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable (LP #1997278). Remaining differences:
    - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
    - Add CVE-2022-2519_2520_2521_2953.patch (Closes: #1024670)
  * Use Debian's patches for the fixes for the other recent CVEs

Superseded in lunar-proposed
Superseded in kinetic-updates
Superseded in kinetic-security
tiff (4.4.0-4ubuntu3.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: heap-overflow and double free in tiffcrop
    - debian/patches/CVE-2022-2519_2520_2521_2953.patch: Add checks and ends
      tiffcrop if -S arguments are not mutually exclusive.
    - CVE-2022-2519
    - CVE-2022-2520
    - CVE-2022-2521
    - CVE-2022-2953
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
      subroutines in tools/tiffcrop.c.
    - CVE-2022-3570
    - CVE-2022-3598
  * SECURITY UPDATE: out-of-bound write in tiffcrop
    - debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
      and related TIFFTAG_NUMBEROFINKS value
    - CVE-2022-3599
  * SECURITY UPDATE: out-of-bound write in tif_unix
    - debian/patches/CVE-2022-3626_3627.patch: disable incompatibility of -Z,
      -X, -Y, -z options with any PAGE_MODE_x option
    - CVE-2022-3626
    - CVE-2022-3627

 -- Nishit Majithia <email address hidden>  Wed, 02 Nov 2022 14:13:19 +0530
Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.2) jammy-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read/write in tiffcrop
    - debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
      correcting uint32_t underflow
    - CVE-2022-2867
    - CVE-2022-2868
    - CVE-2022-2869
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
      subroutines in tools/tiffcrop.c.
    - CVE-2022-3570
    - CVE-2022-3598
  * SECURITY UPDATE: out-of-bound write in tiffcrop
    - debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
      and related TIFFTAG_NUMBEROFINKS value
    - CVE-2022-3599
  * SECURITY UPDATE: stack overflow in _TIFFVGetField
    - debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
      return FALSE when passed a codec-specific tag and the codec is not
      configured
    - CVE-2022-34526

 -- Nishit Majithia <email address hidden>  Wed, 02 Nov 2022 13:55:08 +0530
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read/write in tiffcrop
    - debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
      correcting uint32_t underflow
    - CVE-2022-2867
    - CVE-2022-2868
    - CVE-2022-2869
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
      subroutines in tools/tiffcrop.c.
    - CVE-2022-3570
    - CVE-2022-3598
  * SECURITY UPDATE: out-of-bound write in tiffcrop
    - debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
      and related TIFFTAG_NUMBEROFINKS value
    - CVE-2022-3599
  * SECURITY UPDATE: stack overflow in _TIFFVGetField
    - debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
      return FALSE when passed a codec-specific tag and the codec is not
      configured
    - CVE-2022-34526

 -- Nishit Majithia <email address hidden>  Tue, 01 Nov 2022 20:55:02 +0530
Superseded in bionic-updates
Superseded in bionic-security
tiff (4.0.9-5ubuntu0.8) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bound read/write in tiffcrop
    - debian/patches/CVE-2022-2867_2868_2869.patch: Fix heap-buffer-overflow by
      correcting uint32_t underflow
    - CVE-2022-2867
    - CVE-2022-2868
    - CVE-2022-2869
  * SECURITY UPDATE: heap-based buffer overflow
    - debian/patches/CVE-2022-3570_3598.patch: increases buffer sizes for
      subroutines in tools/tiffcrop.c.
    - CVE-2022-3570
    - CVE-2022-3598
  * SECURITY UPDATE: out-of-bound write in tiffcrop
    - debian/patches/CVE-2022-3599.patch: Revised handling of TIFFTAG_INKNAMES
      and related TIFFTAG_NUMBEROFINKS value
    - CVE-2022-3599
  * SECURITY UPDATE: stack overflow in _TIFFVGetField
    - debian/patches/CVE-2022-34526.patch: Add _TIFFCheckFieldIsValidForCodec()
      return FALSE when passed a codec-specific tag and the codec is not
      configured
    - CVE-2022-34526

 -- Nishit Majithia <email address hidden>  Tue, 01 Nov 2022 20:45:49 +0530
Superseded in jammy-updates
Superseded in jammy-security
tiff (4.3.0-6ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: buffer overflow issue in tiffinfo tool
    - debian/patches/CVE-2022-1354.patch: TIFFReadDirectory: fix OJPEG hack
    - CVE-2022-1354
  * SECURITY UPDATE: buffer overflow issue in tiffcp tool
    - debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
      "mode" string.
    - CVE-2022-1355
  * SECURITY UPDATE: Divide By Zero error in tiffcrop
    - debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
    - CVE-2022-2056
    - CVE-2022-2057
    - CVE-2022-2058

 -- Nishit Majithia <email address hidden>  Fri, 19 Sep 2022 19:24:29 +0530
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow issue in tiffinfo tool
    - debian/patches/CVE-2022-1354.patch: TIFFReadDirectory: fix OJPEG hack
    - CVE-2022-1354
  * SECURITY UPDATE: buffer overflow issue in tiffcp tool
    - debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
      "mode" string.
    - CVE-2022-1355
  * SECURITY UPDATE: Divide By Zero error in tiffcrop
    - debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
    - CVE-2022-2056
    - CVE-2022-2057
    - CVE-2022-2058

 -- Nishit Majithia <email address hidden>  Fri, 19 Sep 2022 19:19:45 +0530
Superseded in bionic-updates
Superseded in bionic-security
tiff (4.0.9-5ubuntu0.7) bionic-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds read error in tiffcrop
    - debian/patches/CVE-2020-19131.patch: fix invertImage() for bps 2 and 4.
    - CVE-2020-19131
  * SECURITY UPDATE: out-of-bounds read error when executing LogLuv
    compression routines
    - debian/patches/CVE-2020-19144.patch: LogLuvSetupEncode() error must
      return 0.
    - CVE-2020-19144
  * SECURITY UPDATE: buffer overflow issue in tiffcp tool
    - debian/patches/CVE-2022-1355.patch: tiffcp: avoid buffer overflow in
      "mode" string.
    - CVE-2022-1355
  * SECURITY UPDATE: Divide By Zero error in tiffcrop
    - debian/patches/CVE-2022-2056_2057_2058.patch: fix the FPE in tiffcrop
    - CVE-2022-2056
    - CVE-2022-2057
    - CVE-2022-2058

 -- Nishit Majithia <email address hidden>  Fri, 16 Sep 2022 19:12:06 +0530
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: NULL Pointer Dereference
    - debian/patches/CVE-2022-0907.patch: add checks for return value of
    limitMalloc in tools/tiffcrop.c.
    - debian/patches/CVE-2022-0908.patch: avoid
    calling memcpy() with a null source pointer and size of zero in
    libtiff/tif_dirread.c.
    - CVE-2022-0907
    - CVE-2022-0908
  * SECURITY UPPDATE: floating point exception
    - debian/patches/CVE-2022-0909.patch: fix the FPE in tiffcrop by
    checking if variable is Nan in libtiff/tif_dir.c.
    - CVE-2022-0909
  * SECURITY UPDATE: heap buffer overflow in cpContigBufToSeparateBuf
    - debian/patches/CVE-2022-0924.patch: fix heap buffer overflow in
    tools/tiffcp.c.
    - CVE-2022-0924
  * SECURITY UPDATE: out-of-bounds with custom tag
    - debian/patches/CVE-2022-22844.patch: fix global-buffer-overflow
    for ASCII tags where count is required in tools/tiffset.c.
    - CVE-2022-22844

 -- David Fernandez Gonzalez <email address hidden>  Wed, 07 Sep 2022 11:01:17 +0200
Superseded in bionic-updates
Superseded in bionic-security
tiff (4.0.9-5ubuntu0.6) bionic-security; urgency=medium

  * SECURITY UPDATE: NULL Pointer Dereference
    - debian/patches/CVE-2022-0907.patch: add checks for return value of
    limitMalloc in tools/tiffcrop.c.
    - debian/patches/CVE-2022-0908.patch: avoid
    calling memcpy() with a null source pointer and size of zero in
    libtiff/tif_dirread.c.
    - CVE-2022-0907
    - CVE-2022-0908
  * SECURITY UPPDATE: floating point exception
    - debian/patches/CVE-2022-0909.patch: fix the FPE in tiffcrop by
    checking if variable is Nan in libtiff/tif_dir.c.
    - CVE-2022-0909
  * SECURITY UPDATE: heap buffer overflow in cpContigBufToSeparateBuf
    - debian/patches/CVE-2022-0924.patch: fix heap buffer overflow in
    tools/tiffcp.c.
    - CVE-2022-0924
  * SECURITY UPDATE: out-of-bounds with custom tag
    - debian/patches/CVE-2022-22844.patch: fix global-buffer-overflow
    for ASCII tags where count is required in tools/tiffset.c.
    - CVE-2022-22844

 -- David Fernandez Gonzalez <email address hidden>  Thu, 08 Sep 2022 17:07:14 +0200
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
tiff (4.4.0-4ubuntu3) kinetic; urgency=medium

  * Don't build with LERC on i386 because it requires numpy (Closes: #1017958)

 -- Jeremy Bicha <email address hidden>  Tue, 23 Aug 2022 11:30:38 -0400
Superseded in kinetic-proposed
tiff (4.4.0-4ubuntu2) kinetic; urgency=medium

  * Drop this delta as the MIR (LP #1977551) was approved (this package
    can be a sync now):
    - d/control, d/libtiff5.symbols: drop liblerc-dev build-dependency and
      the TIFFInitLERC symbol since that library is in universe and tiff
      is in main (LP #1984327)

 -- Andreas Hasenack <email address hidden>  Thu, 18 Aug 2022 10:19:04 -0300

Available diffs

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
tiff (4.4.0-4ubuntu1) kinetic; urgency=medium

  * d/control, d/libtiff5.symbols: drop liblerc-dev build-dependency and
    the TIFFInitLERC symbol since that library is in universe and tiff
    is in main (LP: #1984327)

 -- Andreas Hasenack <email address hidden>  Wed, 10 Aug 2022 15:40:59 -0300
Superseded in kinetic-proposed
tiff (4.4.0-4) unstable; urgency=high

  * Backport security fix for CVE-2022-34526, denial of service via a crafted
    TIFF file.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 06 Aug 2022 15:19:15 +0200

Available diffs

Superseded in kinetic-proposed
tiff (4.4.0-3) unstable; urgency=high

  * Backport security fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058,
    divide by zero error in tiffcrop (closes: #1014494).
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Fri, 08 Jul 2022 19:02:43 +0200

Available diffs

Superseded in kinetic-proposed
tiff (4.4.0-2) unstable; urgency=medium

  * Adjust library symbols with LERC build architectures.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 30 May 2022 18:04:05 +0200

Available diffs

Superseded in kinetic-proposed
tiff (4.4.0-1) unstable; urgency=medium

  * New upstream release.
  * Backport upstream fix for adding 4.4.0 changes file to documentation.
  * Build with LERC compression support (closes: #990789).
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 29 May 2022 12:28:49 +0200

Available diffs

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
tiff (4.4.0~rc1-1) unstable; urgency=medium

  * New upstream release candidate version.
  * Update libtiff5 symbols.
  * Update watch file.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 21 May 2022 15:41:44 +0200

Available diffs

Superseded in kinetic-proposed
tiff (4.3.0-8) unstable; urgency=high

  * Backport correct security fix for CVE-2022-1355, stack buffer overflow in
    "mode" string (closes: #1011160).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 17 May 2022 21:38:14 +0200

Available diffs

Obsolete in impish-updates
Obsolete in impish-security
tiff (4.3.0-1ubuntu0.1) impish-security; urgency=medium

  * SECURITY UPDATE: null pointer in TIFFReadDirectory
    - debian/patches/CVE-2022-0561.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0561
  * SECURITY UPDATE: null pointer in TIFFFetchStripThing
    - debian/patches/CVE-2022-0562.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0562
  * SECURITY UPDATE: denial of service through assertion failure.
    - debian/patches/CVE-2022-0865.patch: reset flags to initial state
      when file has multiple IFD and when bit reversal is needed in
      libtiff/tif_jbig.c.
    - CVE-2022-0865
  * SECURITY UPDATE: heap buffer overflow in ExtractImageSection
    - debian/patches/CVE-2022-0891.patch: correct wrong formula for
      image row size calculation in tools/tiffcrop.c.
    - CVE-2022-0891

 -- David Fernandez Gonzalez <email address hidden>  Wed, 11 May 2022 17:07:59 +0200
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.3) focal-security; urgency=medium

  * SECURITY UPDATE: malloc failure in TIFF2RGBA tool
    - debian/patches/CVE-2020-35522.patch: enforce (configurable) memory
      limit in tools/tiff2rgba.c.
    - CVE-2020-35522
  * SECURITY UPDATE: null pointer in TIFFReadDirectory
    - debian/patches/CVE-2022-0561.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0561
  * SECURITY UPDATE: null pointer in TIFFFetchStripThing
    - debian/patches/CVE-2022-0562.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0562
  * SECURITY UPDATE: denial of service through assertion failure.
    - debian/patches/CVE-2022-0865.patch: reset flags to initial state
      when file has multiple IFD and when bit reversal is needed in
      libtiff/tif_jbig.c.
    - CVE-2022-0865
  * SECURITY UPDATE: heap buffer overflow in ExtractImageSection
    - debian/patches/CVE-2022-0891.patch: correct wrong formula for
      image row size calculation in tools/tiffcrop.c.
    - CVE-2022-0891

 -- David Fernandez Gonzalez <email address hidden>  Thu, 12 May 2022 17:05:25 +0200
Superseded in bionic-updates
Superseded in bionic-security
tiff (4.0.9-5ubuntu0.5) bionic-security; urgency=medium

  * SECURITY UPDATE: malloc failure in TIFF2RGBA tool
    - debian/patches/CVE-2020-35522.patch: enforce (configurable) memory
      limit in tools/tiff2rgba.c.
    - CVE-2020-35522
  * SECURITY UPDATE: null pointer in TIFFReadDirectory
    - debian/patches/CVE-2022-0561.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0561
  * SECURITY UPDATE: null pointer in TIFFFetchStripThing
    - debian/patches/CVE-2022-0562.patch: add sanity check to ensure
      pointer provided to memcpy is not null in libtiff/tif_dirread.c.
    - CVE-2022-0562
  * SECURITY UPDATE: denial of service through assertion failure.
    - debian/patches/CVE-2022-0865.patch: reset flags to initial state
      when file has multiple IFD and when bit reversal is needed in
      libtiff/tif_jbig.c.
    - CVE-2022-0865
  * SECURITY UPDATE: heap buffer overflow in ExtractImageSection
    - debian/patches/CVE-2022-0891.patch: correct wrong formula for
      image row size calculation in tools/tiffcrop.c.
    - CVE-2022-0891

 -- David Fernandez Gonzalez <email address hidden>  Wed, 11 May 2022 17:09:42 +0200
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
tiff (4.3.0-7) unstable; urgency=high

  * Backport security fix for CVE-2022-1354, heap buffer overflow in
    TIFFReadRawDataStriped().
  * Fix segmentation fault printing GPS directory if Altitude tag is present.
  * Fix segmentation fault due to field_name=NULL.
  * Backport security fix for CVE-2022-1355, stack buffer overflow in "mode"
    string.
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 25 Apr 2022 22:24:06 +0200

Available diffs

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
tiff (4.3.0-6) unstable; urgency=high

  * Backport security fix for CVE-2022-0908, null source pointer passed as an
    argument to memcpy() function within TIFFFetchNormalTag().
  * Backport security fix for CVE-2022-0907, unchecked return value to null
    pointer dereference in tiffcrop.
  * Backport security fix for CVE-2022-0909, divide by zero error in
    tiffcrop.
  * Backport security fix for CVE-2022-0891, heap buffer overflow in
    ExtractImageSection function in tiffcrop.
  * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 13 Mar 2022 11:00:15 +0100

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
tiff (4.3.0-5) unstable; urgency=high

  * Backport security fix for CVE-2022-0865, crash when reading a file with
    multiple IFD in memory-mapped mode and when bit reversal is needed.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 07 Mar 2022 22:23:21 +0100

Available diffs

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
tiff (4.3.0-4) unstable; urgency=high

  * Backport security fix for CVE-2022-0561, TIFFFetchStripThing(): avoid
    calling memcpy() with a null source pointer and size of zero.
  * Backport security fix for CVE-2022-0562, TIFFReadDirectory(): avoid
    calling memcpy() with a null source pointer and size of zero.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 12 Feb 2022 21:21:45 +0100
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
tiff (4.3.0-3build1) jammy; urgency=medium

  * No-change rebuild against latest libwebp

 -- Jeremy Bicha <email address hidden>  Tue, 01 Feb 2022 09:03:53 -0500
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
tiff (4.3.0-3) unstable; urgency=high

  * Backport security fix for CVE-2022-22844: global-buffer-overflow for
    ASCII tags where count is required.

  [ Helmut Grohne <email address hidden> ]
  * Drop unused Build-Depends: libxmu-dev (closes: #981265).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 26 Jan 2022 17:49:14 +0100

Available diffs

Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: buffer overflow via TIFFTAG_PREDICTOR
    - debian/patches/CVE-2020-19143.patch: TIFFTAG_PREDICTOR is not
      supported for WebP in libtiff/tif_dirinfo.c, tools/tiffcp.c.
    - CVE-2020-19143

 -- Marc Deslauriers <email address hidden>  Fri, 17 Sep 2021 09:14:04 -0400
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
tiff (4.3.0-2) unstable; urgency=medium

  * Upload to Sid.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 05 Sep 2021 19:25:09 +0200

Available diffs

Superseded in jammy-release
Obsolete in impish-release
Deleted in impish-proposed (Reason: Moved to impish)
tiff (4.3.0-1) experimental; urgency=medium

  * New upstream release.
  * Remove libport_dummy_function@LIBTIFF_4.0 symbol as no longer part of
    the libraries.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 01 Jun 2021 08:19:06 +0200
Superseded in impish-release
Obsolete in hirsute-release
Deleted in hirsute-proposed (Reason: Moved to hirsute)
tiff (4.2.0-1build1) hirsute; urgency=medium

  * No-change rebuild to build with lto.

 -- Matthias Klose <email address hidden>  Sun, 28 Mar 2021 09:10:31 +0200
Superseded in focal-updates
Superseded in focal-security
tiff (4.1.0+git191117-2ubuntu0.20.04.1) focal-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in tif_getimage.c
    - debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
      libtiff/tif_getimage.c.
    - CVE-2020-35523
  * SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
    - debian/patches/CVE-2020-35524.patch: properly calculate datasize when
      saving to JPEG YCbCr in tools/tiff2pdf.c.
    - CVE-2020-35524

 -- Marc Deslauriers <email address hidden>  Thu, 25 Feb 2021 07:36:40 -0500
Obsolete in groovy-updates
Obsolete in groovy-security
tiff (4.1.0+git191117-2ubuntu0.20.10.1) groovy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in tif_getimage.c
    - debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
      libtiff/tif_getimage.c.
    - CVE-2020-35523
  * SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
    - debian/patches/CVE-2020-35524.patch: properly calculate datasize when
      saving to JPEG YCbCr in tools/tiff2pdf.c.
    - CVE-2020-35524

 -- Marc Deslauriers <email address hidden>  Thu, 25 Feb 2021 07:34:24 -0500
Superseded in bionic-updates
Superseded in bionic-security
tiff (4.0.9-5ubuntu0.4) bionic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in tif_getimage.c
    - debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
      libtiff/tif_getimage.c.
    - CVE-2020-35523
  * SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
    - debian/patches/CVE-2020-35524.patch: properly calculate datasize when
      saving to JPEG YCbCr in tools/tiff2pdf.c.
    - CVE-2020-35524

 -- Marc Deslauriers <email address hidden>  Thu, 25 Feb 2021 07:37:14 -0500
Published in xenial-updates
Published in xenial-security
tiff (4.0.6-1ubuntu0.8) xenial-security; urgency=medium

  * SECURITY UPDATE: Integer overflow in tif_getimage.c
    - debian/patches/CVE-2020-35523.patch: check Tile width for overflow in
      libtiff/tif_getimage.c.
    - CVE-2020-35523
  * SECURITY UPDATE: Heap-based buffer overflow in TIFF2PDF tool
    - debian/patches/CVE-2020-35524.patch: properly calculate datasize when
      saving to JPEG YCbCr in tools/tiff2pdf.c.
    - CVE-2020-35524

 -- Marc Deslauriers <email address hidden>  Thu, 25 Feb 2021 07:38:05 -0500
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: Moved to hirsute)
tiff (4.2.0-1) unstable; urgency=medium

  * New upstream release.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 21 Dec 2020 15:06:46 +0100
Superseded in hirsute-release
Deleted in hirsute-proposed (Reason: moved to Release)
tiff (4.1.0+git201212-1ubuntu1) hirsute; urgency=medium

  * Don't build deflate, package is in universe, and it likely
    will be a while before a MIR is filed and processed ...
    This makes libtiff5 installable again.

 -- Matthias Klose <email address hidden>  Wed, 16 Dec 2020 18:21:44 +0100
175 of 280 results