Univention Bugzilla – Bug 53545
tiff: Multiple issues (4.4)
Last modified: 2021-07-07 16:34:09 CEST
New Debian tiff 4.0.8-2+deb9u6 fixes:

This update addresses the following issues:
* Integer overflow in tif_getimage.c (CVE-2020-35523)
* Heap-based buffer overflow in TIFF2PDF tool (CVE-2020-35524)
--- mirror/ftp/4.4/unmaintained/4.4-5/source/tiff_4.0.8-2+deb9u5.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/tiff_4.0.8-2+deb9u6.dsc @@ -1,3 +1,13 @@ +4.0.8-2+deb9u6 [Sun, 27 Jun 2021 13:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2020-35523 + Processing a specially crafted tiff-file may result in denial of + service or the execution of arbitrary code. + * CVE-2020-35524 + Processing a specially crafted tiff-file may result in denial of + service or the execution of arbitrary code. + 4.0.8-2+deb9u5 [Fri, 17 Apr 2020 16:28:49 +0000] Laszlo Boszormenyi (GCS) <gcs@debian.org>: * Backport security fixes: <http://piuparts.knut.univention.de/4.4-8/#5459938673780944581>
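Review bot: In the added 4.0.8-2+deb9u6 stanza, the CVE-2020-35523 and CVE-2020-35524 entries carry the same generic impact sentence, so the changelog alone does not say which component each fix touches. The bug description already names them (integer overflow in tif_getimage.c, heap-based buffer overflow in the TIFF2PDF tool); carrying that wording into the erratum text would let administrators judge their exposure per CVE instead of reading two identical lines.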
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] eb09612838 Bug #53545: tiff 4.0.8-2+deb9u6
 doc/errata/staging/tiff.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1006>