[ubuntu/questing-proposed] tiff 4.7.0-3ubuntu3 (Accepted)

Hlib Korzhynskyy hlib.korzhynskyy at canonical.com
Mon Sep 29 15:20:40 UTC 2025 

tiff (4.7.0-3ubuntu3) questing; urgency=medium

  * SECURITY UPDATE: Memory corruption.
    - debian/patches/CVE-2025-8961.patch: Add _TIFFfree and extra read_buff
      check in tools/tiffcrop.c.
    - CVE-2025-8961
  * SECURITY UPDATE: Memory leak.
    - debian/patches/CVE-2025-9165.patch: Add TIFFClose in tools/tiffcmp.c.
    - CVE-2025-9165
  * SECURITY UPDATE: Out of bounds write when processing specially crafted
    TIFF files.
    - debian/patches/CVE-2025-9900.patch: Add img->height and img->width
      checks in libtiff/tif_getimage.c.
    - CVE-2025-9900

Date: Mon, 29 Sep 2025 11:21:14 -0230
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/tiff/4.7.0-3ubuntu3
-------------- next part --------------
Format: 1.8
Date: Mon, 29 Sep 2025 11:21:14 -0230
Source: tiff
Built-For-Profiles: noudeb
Architecture: source
Version: 4.7.0-3ubuntu3
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Hlib Korzhynskyy <hlib.korzhynskyy at canonical.com>
Changes:
 tiff (4.7.0-3ubuntu3) questing; urgency=medium
 .
   * SECURITY UPDATE: Memory corruption.
     - debian/patches/CVE-2025-8961.patch: Add _TIFFfree and extra read_buff
       check in tools/tiffcrop.c.
     - CVE-2025-8961
   * SECURITY UPDATE: Memory leak.
     - debian/patches/CVE-2025-9165.patch: Add TIFFClose in tools/tiffcmp.c.
     - CVE-2025-9165
   * SECURITY UPDATE: Out of bounds write when processing specially crafted
     TIFF files.
     - debian/patches/CVE-2025-9900.patch: Add img->height and img->width
       checks in libtiff/tif_getimage.c.
     - CVE-2025-9900
Checksums-Sha1:
 550c4e81532d7938851eec2857606a4f6063ddf0 2368 tiff_4.7.0-3ubuntu3.dsc
 397c6fa51a5e91219c968e36fc6d760d96766bb8 27588 tiff_4.7.0-3ubuntu3.debian.tar.xz
 02e58255e2d5fd73cc8e78407d97f07f4f243894 10392 tiff_4.7.0-3ubuntu3_source.buildinfo
Checksums-Sha256:
 6df15df7da1c62a179963a5f441247a4dc5f9f7d4cb394a8a1d0883b7fff9366 2368 tiff_4.7.0-3ubuntu3.dsc
 794912cebe4af339c2cf7f507f18f79112e5be742679b23d0854cd66f4498842 27588 tiff_4.7.0-3ubuntu3.debian.tar.xz
 b9567ec2bc2029a8a2a0d8f5b0a67d1b2c228f0c1b1399e7992db0cf4768a4c9 10392 tiff_4.7.0-3ubuntu3_source.buildinfo
Files:
 8700cad1125ed0da0c7577cebb25e179 2368 libs optional tiff_4.7.0-3ubuntu3.dsc
 ef1481deb54a4b037bcf12e041f6d446 27588 libs optional tiff_4.7.0-3ubuntu3.debian.tar.xz
 df03686c610497bd8fbab8a4f401c2ea 10392 libs optional tiff_4.7.0-3ubuntu3_source.buildinfo
Original-Maintainer: Laszlo Boszormenyi (GCS) <gcs at debian.org>

More information about the Questing-changes mailing list