Univention Bugzilla – Bug 56388
tiff: Multiple issues (5.0)
Last modified: 2023-08-02 16:06:30 CEST
New Debian tiff 4.1.0+git191117-2~deb10u8 fixes:
This update addresses the following issues:

4.1.0+git191117-2~deb10u8 (Mon, 31 Jul 2023 21:39:33 +0300)
* Non-maintainer upload by the LTS Security Team.
* CVE-2023-2908: NULL pointer dereference in tif_dir.c
* CVE-2023-3316: NULL pointer dereference in TIFFClose()
* CVE-2023-3618: Buffer overflow in tiffcrop
* CVE-2023-25433: Buffer overflow in tiffcrop
* CVE-2023-26965: Use after free in tiffcrop
* CVE-2023-26966: Buffer overflow in uv_encode()
* CVE-2023-38288: Integer overflow in tiffcp
* CVE-2023-38289: Integer overflow in raw2tiff
--- mirror/ftp/pool/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.dsc +++ apt/ucs_5.0-0-errata5.0-4/source/tiff_4.1.0+git191117-2~deb10u8.dsc @@ -1,3 +1,15 @@ +4.1.0+git191117-2~deb10u8 [Mon, 31 Jul 2023 21:39:33 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * CVE-2023-2908: NULL pointer dereference in tif_dir.c + * CVE-2023-3316: NULL pointer dereference in TIFFClose() + * CVE-2023-3618: Buffer overflow in tiffcrop + * CVE-2023-25433: Buffer overflow in tiffcrop + * CVE-2023-26965: Use after free in tiffcrop + * CVE-2023-26966: Buffer overflow in uv_encode() + * CVE-2023-38288: Integer overflow in tiffcp + * CVE-2023-38289: Integer overflow in raw2tiff + 4.1.0+git191117-2~deb10u7 [Tue, 21 Feb 2023 20:40:34 +0100] Markus Koschany <apo@debian.org>: * Non-maintainer upload by the LTS team. <http://piuparts.knut.univention.de/5.0-4/#7984137114869444225>
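Review bot: The two tiffcrop entries in the added deb10u8 block, CVE-2023-3618 and CVE-2023-25433, carry the identical text "Buffer overflow in tiffcrop", so the changelog alone cannot tell them apart. Naming the affected function for each, as the CVE-2023-26966 line does with uv_encode(), would make the entry easier to check against the applied patches.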
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-4] e55bb62085 Bug #56388: tiff 4.1.0+git191117-2~deb10u8
 doc/errata/staging/tiff.yaml | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

[5.0-4] 9ee48a2cea Bug #56388: tiff 4.1.0+git191117-2~deb10u8
 doc/errata/staging/tiff.yaml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x755>