-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jan 2018 20:53:45 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Moritz Muehlenhoff <jmm@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 866109 868513 872607 873879 873880 885985
Changes:
 tiff (4.0.3-12.3+deb8u5) jessie-security; urgency=high
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Fix CVE-2017-11335: heap based buffer write overflow in tiff2pdf
     (closes: #868513).
   * Fix CVE-2017-12944: OOM prevention in TIFFReadDirEntryArray()
     (closes: #872607).
   * Fix CVE-2017-13726: reachable assertion abort in TIFFWriteDirectorySec()
     (closes: #873880).
   * Fix CVE-2017-13727: reachable assertion abort in
     TIFFWriteDirectoryTagSubifd() (closes: #873879).
   * Fix CVE-2017-18013: NULL pointer dereference in TIFFPrintDirectory()
     (closes: #885985).
   * Fix CVE-2017-9935: heap-based buffer overflow in the t2p_write_pdf()
     function (closes: #866109).
 .
   [ Moritz Muehlenhoff ]
   * CVE-2016-10371
Checksums-Sha1:
 5286070ac9dad8f79a58dce68a6f5d5a5709a43a 2240 tiff_4.0.3-12.3+deb8u5.dsc
 3b5963a07b791621522bb9864ef59d9cd2c41296 63224 tiff_4.0.3-12.3+deb8u5.debian.tar.xz
 2f2b14c7d1d8d381fcdd8158cf1ab3a1c31ae519 370430 libtiff-doc_4.0.3-12.3+deb8u5_all.deb
 c3427c5d04e4ed47bcafa2b7a3c59e1fa90295e3 221468 libtiff5_4.0.3-12.3+deb8u5_amd64.deb
 785743a2a3392106c8095442a518d45d74a313d7 80930 libtiffxx5_4.0.3-12.3+deb8u5_amd64.deb
 b4559d4bb6582933deb0a0e906cfc54eeaba7f2d 343556 libtiff5-dev_4.0.3-12.3+deb8u5_amd64.deb
 ed40c22817692b79a05dd5d2420aa132a8a8f571 274274 libtiff-tools_4.0.3-12.3+deb8u5_amd64.deb
 81db38b5f8ba38422716eeacfd6da919b1bf08a8 85868 libtiff-opengl_4.0.3-12.3+deb8u5_amd64.deb
Checksums-Sha256:
 69fe805e2304bc369b2200636988cb7bd5d38f6e0daf9ad0eaaf96ffaea8d464 2240 tiff_4.0.3-12.3+deb8u5.dsc
 d43190b75bb70c05701afc8c061f49c75433b5d9965fd57df68e334195b267c4 63224 tiff_4.0.3-12.3+deb8u5.debian.tar.xz
 46dda733fe0b9206c41cfd11b1aaa823bbcf971c5300edaabc976ff17cb16609 370430 libtiff-doc_4.0.3-12.3+deb8u5_all.deb
 2bdb12e49dd579e1ad8f27c709efff9ed2578560b235ec964ffba82459423834 221468 libtiff5_4.0.3-12.3+deb8u5_amd64.deb
 bfe0fb6f79fae2901b5b12d0cd68b6598528f2e01585e96eb053ce0a97c6a4ca 80930 libtiffxx5_4.0.3-12.3+deb8u5_amd64.deb
 c2609f6341939315cbbfdf6c4d7ccaeb2372002763ccc6ec94299d518fad7b95 343556 libtiff5-dev_4.0.3-12.3+deb8u5_amd64.deb
 5af7bea70a18bbcfd98ee0b78c1c687fd6d855a69daa3d4a1eea7dabdf6fb777 274274 libtiff-tools_4.0.3-12.3+deb8u5_amd64.deb
 4f627fb090becf70f3c94ca9305b52db93645603fa6c9406236202969bb624f6 85868 libtiff-opengl_4.0.3-12.3+deb8u5_amd64.deb
Files:
 10f0251f4045702e0880d89b54df8568 2240 libs optional tiff_4.0.3-12.3+deb8u5.dsc
 17d67f197d3f6b8e45081f3f2c2ef67d 63224 libs optional tiff_4.0.3-12.3+deb8u5.debian.tar.xz
 f5fdd9aba64b15b8d1155e34e70a2e5c 370430 doc optional libtiff-doc_4.0.3-12.3+deb8u5_all.deb
 5ebd46638fd112f5ef610d6cf2ed6234 221468 libs optional libtiff5_4.0.3-12.3+deb8u5_amd64.deb
 b6b610757f2ef0226da8cae5774b6ae5 80930 libs optional libtiffxx5_4.0.3-12.3+deb8u5_amd64.deb
 6d6f84d18cf1e20178dd1e7d9d07add6 343556 libdevel optional libtiff5-dev_4.0.3-12.3+deb8u5_amd64.deb
 92a9a989d700fe995da70fa3d9618fe7 274274 graphics optional libtiff-tools_4.0.3-12.3+deb8u5_amd64.deb
 9aa51919e9edc1edd7bce248084f2822 85868 graphics optional libtiff-opengl_4.0.3-12.3+deb8u5_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlprtP4ACgkQEMKTtsN8
TjZaGw//cdAKEU1dhpWZx+2HL5ghvk4u7hoyWNmMUWJ+O/QOStLqmwGQ7QC3zw0k
QBq9EsfLcX/atSCEYaLpPNMygCkRk23j0wq4C0qBssMgSkogoIpnlCZ28ZBiynqe
SY9LYU2DezULlYjsSxRpVRwNgHD5PXT6HppGWb0P5XAxahKb9+wq3jyYtn3e5r/e
95G70T67RXX2gexynWkIkD0Or0JliVffC6RJkHiyqXAPRzOfAayQnUrb3Kbn5MHW
Mmm5bor9xshEAqjXNIjJvFHKFiqxzpJ70w4DU5ss3XVRpxmbPvCNU2BkwhWEF5lZ
UKy0yFcCJnbqYwhFZ8Et9Qaklu8ZvnH+GboPEXUb9+ATsaheXOB9PFHl4syt2/Vp
zudHUN/Gh37A1mCMeVlcRfr48Ez0lU3MMaDAXLncXHQiYCAwoWwonQdnR7nBC7Zg
SWdZ0WqniJf2sibVxyIf5GQYp+f/yk2Pl9s5XiCp9uXoAAiAAwpagxvBMjtV95Xx
yNAPM5A2lX4HsbITmsu7WP1XjkwZcs2iCNCq67+JsPA7Zye66z0vRymnMh16/QWN
o6jvTM/1XJwBFiErBwrbz5LngtDczEqtdprji5xHOte9sP3QM54M0OrqUFy/+TNk
i4LAKR4pHvnWh3Xm9gsslpyEz7bCumYdQuYQkNsO1B4U4ePlzPk=
=n2QL
-----END PGP SIGNATURE-----