[ubuntu/questing-proposed] tiff 4.7.0-3ubuntu2 (Accepted)

Nishit Majithia nishit.majithia at canonical.com
Thu Aug 21 13:02:16 UTC 2025 

tiff (4.7.0-3ubuntu2) questing; urgency=medium

  * SECURITY UPDATE: null-pointer dereference
    - d/p/CVE-2024-13978.patch: fix in fax2ps caused by regression where
      TIFFTAG_FAXFILLFUNC is being used rather than an output buffer.
    - d/p/CVE-2025-8534.patch: tiff2ps: check return of TIFFGetFiled() to
      fix
    - CVE-2024-13978
    - CVE-2025-8534
  * SECURITY UPDATE: use-after-free issue
    - d/p/CVE-2025-8176.patch: fix heap use-after-free in tiffmedian
    - CVE-2025-8176

Date: Wed, 20 Aug 2025 15:42:44 +0530
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.7.0-3ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 20 Aug 2025 15:42:44 +0530
Source: tiff
Built-For-Profiles: noudeb
Architecture: source
Version: 4.7.0-3ubuntu2
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
Changes:
 tiff (4.7.0-3ubuntu2) questing; urgency=medium
 .
   * SECURITY UPDATE: null-pointer dereference
     - d/p/CVE-2024-13978.patch: fix in fax2ps caused by regression where
       TIFFTAG_FAXFILLFUNC is being used rather than an output buffer.
     - d/p/CVE-2025-8534.patch: tiff2ps: check return of TIFFGetFiled() to
       fix
     - CVE-2024-13978
     - CVE-2025-8534
   * SECURITY UPDATE: use-after-free issue
     - d/p/CVE-2025-8176.patch: fix heap use-after-free in tiffmedian
     - CVE-2025-8176
Checksums-Sha1:
 aaa147c7f0e19e42f225fa0a8c4cd117383b70c8 2368 tiff_4.7.0-3ubuntu2.dsc
 ee934298213b44e5064ea67988e8bb62262e2824 26264 tiff_4.7.0-3ubuntu2.debian.tar.xz
 6ecf9759091f637225a58d41e0c2a6f260d523b2 10200 tiff_4.7.0-3ubuntu2_source.buildinfo
Checksums-Sha256:
 8d54fed205c96b31c7ecef629b4439364dddcbc44948313a9387690396944112 2368 tiff_4.7.0-3ubuntu2.dsc
 2edfc9560d299c32960f55b4fa3cb7614c3fe4bf4c9c8fbda4378bc8723234a0 26264 tiff_4.7.0-3ubuntu2.debian.tar.xz
 e13fadde292aed4177942b2c0248b1bdedcaffc4a3227a7489395699f513bee3 10200 tiff_4.7.0-3ubuntu2_source.buildinfo
Files:
 6ad893966a62a198b0df4ddcd1cfa6e4 2368 libs optional tiff_4.7.0-3ubuntu2.dsc
 e462877ebc394e3be48ef4ca1d347f67 26264 libs optional tiff_4.7.0-3ubuntu2.debian.tar.xz
 1933fb70ed3b3201a387b872937d7280 10200 libs optional tiff_4.7.0-3ubuntu2_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs at debian.org>

More information about the Questing-changes mailing list