New Debian tiff 4.0.8-2+deb9u7 fixes: This update addresses the following issues:

* a buffer overflow in invertImage() that may lead to denial of service (CVE-2020-19131)
* a heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c (CVE-2020-19144)
--- mirror/ftp/4.4/unmaintained/component/4.4-8-errata/source/tiff_4.0.8-2+deb9u6.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/tiff_4.0.8-2+deb9u7.dsc @@ -1,3 +1,11 @@ +4.0.8-2+deb9u7 [Sat, 18 Sep 2021 18:41:25 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Add patch so that LogLuvSetupEncode() error + must return 0. (Fixes: CVE-2020-19144) + * Add patch to fix invertImage() for bps + 2 and 4. (Fixes: CVE-2020-19131) + 4.0.8-2+deb9u6 [Sun, 27 Jun 2021 13:03:02 +0200] Thorsten Alteholz <debian@alteholz.de>: * Non-maintainer upload by the LTS Team. <http://piuparts.knut.univention.de/4.4-8/#5459938673782027106>
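Review bot: the CVE-2020-19144 entry ("Add patch so that LogLuvSetupEncode() error must return 0") describes the fix mechanism, while the announcement at the top of this page describes the same CVE as a heap-based buffer overflow in _TIFFmemcpy() in tif_unix.c; the changelog should say how the two relate (which caller reaches _TIFFmemcpy() when LogLuvSetupEncode() does not return 0 on error) or at least name the patch file added under debian/patches, so a reader can check that the patch matches the advisory without unpacking the source. The same applies to the CVE-2020-19131 entry, which says only "fix invertImage() for bps 2 and 4" without naming the patch. Minor wording: "so that LogLuvSetupEncode() error must return 0" reads better as "so that LogLuvSetupEncode() returns 0 on error".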
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] 1dd8cf05ff Bug #53867: tiff 4.0.8-2+deb9u7
 doc/errata/staging/tiff.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1065>
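The check a practitioner wants after reading this erratum is whether the tiff binaries on a host are at or above 4.0.8-2+deb9u7. Comparing Debian version strings by hand goes wrong easily ("deb9u10" must sort above "deb9u7", and a "~" suffix sorts below the version it is attached to), so the added example below is a Python port of dpkg's version ordering rules plus a small audit over dpkg-query output. This is example code written for this page, not Univention's or Debian's tooling; the dpkg-query sample it parses is constructed, not captured from a real host.

```python
"""Audit installed tiff packages against the fixed version in this erratum.

Added example, not Univention/Debian code.  compare_versions() follows the
ordering dpkg uses (epoch, then upstream version, then Debian revision; each
part compared as alternating non-digit and digit runs, letters before
punctuation, '~' below everything including end of string).
"""

FIXED_VERSION = "4.0.8-2+deb9u7"   # from this erratum
DIGITS = "0123456789"

# Constructed sample of:  dpkg-query -W -f='${Package} ${Version}\n' 'libtiff*'
SAMPLE_DPKG_QUERY = """\
libtiff5 4.0.8-2+deb9u6
libtiff-tools 4.0.8-2+deb9u7
libtiff-dev 4.0.8-2+deb9u10
libtiffxx5 4.0.8-2+deb9u7~bpo
"""


def _order(c: str) -> int:
    """dpkg's character weight: digits 0, letters their code, '~' lowest."""
    if c in DIGITS:
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare one version component (upstream or revision) like dpkg."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: char-by-char with _order(); end of string weighs 0.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: strip leading zeros, then the longer run wins, else the
        # first differing digit decides.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i] in DIGITS and j < len(b) and b[j] in DIGITS:
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i] in DIGITS:
            return 1
        if j < len(b) and b[j] in DIGITS:
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(version: str):
    """Split '[epoch:]upstream[-revision]' into its three parts."""
    epoch = 0
    if ":" in version:
        e, version = version.split(":", 1)
        epoch = int(e)
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    else:
        upstream, revision = version, ""
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return <0, 0, >0 as a is lower than, equal to, or higher than b."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    c = _verrevcmp(ua, ub)
    if c == 0:
        c = _verrevcmp(ra, rb)
    return (c > 0) - (c < 0)


def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True if the installed version already carries the fix."""
    return compare_versions(installed, fixed) >= 0


def audit(dpkg_query_output: str, fixed: str = FIXED_VERSION) -> dict:
    """Map each package in dpkg-query output to whether it is fixed."""
    status = {}
    for line in dpkg_query_output.splitlines():
        if not line.strip():
            continue
        package, version = line.split()
        status[package] = is_fixed(version, fixed)
    return status


if __name__ == "__main__":
    for package, ok in audit(SAMPLE_DPKG_QUERY).items():
        print(f"{package}: {'fixed' if ok else 'VULNERABLE, update to ' + FIXED_VERSION}")
```

On a real host, replace SAMPLE_DPKG_QUERY with the output of `dpkg-query -W -f='${Package} ${Version}\n' 'libtiff*'`; the sample deliberately includes a backport-style "~bpo" suffix and a two-digit "u10" revision to show the two orderings that a plain string comparison gets wrong.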