Changelog
tiff (4.0.7-1) unstable; urgency=high

  * New upstream release.
  * Fixes the following vulnerabilities:
    - CVE-2015-7313, OOM when parsing crafted tiff files (closes: #800124),
    - CVE-2016-3622, denial of service (divide-by-zero error) via
      the fpAcc function in tif_predict.c (closes: #820365),
    - CVE-2016-3945, multiple integer overflows in the tiff2rgba tool,
    - CVE-2016-3990, write buffer overflow in PixarLogEncode,
    - CVE-2016-3991 and CVE-2016-5322, heap-based buffer overflow in the
      loadImage function,
    - CVE-2016-9273, heap-buffer-overflow in cpStrips (closes: #844013),
    - CVE-2016-9297, segfault in _TIFFPrintField() (closes: #844226),
    - CVE-2016-9448, in TIFFFetchNormalTag(), do not dereference NULL pointer
      (regression of CVE-2016-9297),
    - heap buffer overflow via writeBufferToSeparateStrips() in tiffcrop.
  * Remove backported vulnerability fixes, this release contains those.
  * Update libtiff5 symbols.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 19 Nov 2016 18:05:24 +0000