[ubuntu/lunar-proposed] tiff 4.4.0-5ubuntu2 (Accepted)

Wed Nov 23 13:40:13 UTC 2022

tiff (4.4.0-5ubuntu2) lunar; urgency=medium

  * Update symbols file for i386 where we build without LERC

tiff (4.4.0-5ubuntu1) lunar; urgency=medium

  * Merge from Debian unstable (LP #1997278). Remaining differences:
    - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
    - Add CVE-2022-2519_2520_2521_2953.patch (Closes: #1024670)
  * Use Debian's patches for the fixes for the other recent CVEs

tiff (4.4.0-5) unstable; urgency=high

  * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627,
    out of bounds write and denial of service via a crafted TIFF file.
  * Backport security fix for CVE-2022-3570, multiple heap buffer overflows
    via crafted TIFF file.
  * Backport security fix for CVE-2022-3599, denial-of-service via a crafted
    TIFF file.
  * Backport security fix for CVE-2022-3598, denial-of-service via a crafted
    TIFF file (closes: #1022555).

Date: Wed, 23 Nov 2022 08:38:35 -0500
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/tiff/4.4.0-5ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 23 Nov 2022 08:38:35 -0500
Source: tiff
Built-For-Profiles: noudeb
Architecture: source
Version: 4.4.0-5ubuntu2
Distribution: lunar
Urgency: high
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Jeremy Bicha <jbicha at ubuntu.com>
Closes: 1017958 1022555 1024670
Changes:
 tiff (4.4.0-5ubuntu2) lunar; urgency=medium
 .
   * Update symbols file for i386 where we build without LERC
 .
 tiff (4.4.0-5ubuntu1) lunar; urgency=medium
 .
   * Merge from Debian unstable (LP #1997278). Remaining differences:
     - Don't build with LERC on i386 because it requires numpy (Closes: #1017958)
     - Add CVE-2022-2519_2520_2521_2953.patch (Closes: #1024670)
   * Use Debian's patches for the fixes for the other recent CVEs
 .
 tiff (4.4.0-5) unstable; urgency=high
 .
   * Backport security fix for CVE-2022-3597, CVE-2022-3626 and CVE-2022-3627,
     out of bounds write and denial of service via a crafted TIFF file.
   * Backport security fix for CVE-2022-3570, multiple heap buffer overflows
     via crafted TIFF file.
   * Backport security fix for CVE-2022-3599, denial-of-service via a crafted
     TIFF file.
   * Backport security fix for CVE-2022-3598, denial-of-service via a crafted
     TIFF file (closes: #1022555).
Checksums-Sha1:
 fac72c6b705023fe8a3a9904fa624d3878326b5f 2351 tiff_4.4.0-5ubuntu2.dsc
 5f2c8aea7dd753b2d68683a70a8847ca67ffd076 2072723 tiff_4.4.0.orig.tar.bz2
 2871ff39c170b4c220c09cdca78cfe617a3ef204 33528 tiff_4.4.0-5ubuntu2.debian.tar.xz
 547371312458fa9bc32a5623ff4899ac9d88d5b7 8503 tiff_4.4.0-5ubuntu2_source.buildinfo
Checksums-Sha256:
 195c35a1989959d141080aeeedda91afaa55ce3aba8411c402b70f775e0ddec9 2351 tiff_4.4.0-5ubuntu2.dsc
 ce0848109b627eb5442187b6362a8e4809728e4f28fcc5a04940e5afb464caba 2072723 tiff_4.4.0.orig.tar.bz2
 334f8db790f95c33287d44767114fb5beb5565fa73138d9a4d938e6eea82e3d4 33528 tiff_4.4.0-5ubuntu2.debian.tar.xz
 0a576b463f0a669ae76307e023a98900a6f6123b12c0e3bd6e5e2ed327576e60 8503 tiff_4.4.0-5ubuntu2_source.buildinfo
Files:
 0550c3b27f827db9ffbfaa32dd5f645c 2351 libs optional tiff_4.4.0-5ubuntu2.dsc
 ba175e36b1f6929da1c3c676b98c5db3 2072723 libs optional tiff_4.4.0.orig.tar.bz2
 f6ca7f4a7396d9c8a4d57f0f2d494902 33528 libs optional tiff_4.4.0-5ubuntu2.debian.tar.xz
 a3c52de399cb3f12d38d30e7cb3eb3af 8503 libs optional tiff_4.4.0-5ubuntu2_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs at debian.org>