-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3903-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff July 05, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tiff CVE ID : CVE-2016-10095 CVE-2017-9147 CVE-2017-9403 CVE-2017-9404 CVE-2017-9936 CVE-2017-10688 Multiple vulnerabilities have been discovered in the libtiff library and the included tools, which may result in denial of service or the execution of arbitrary code. For the oldstable distribution (jessie), these problems have been fixed in version 4.0.3-12.3+deb8u4. For the stable distribution (stretch), these problems have been fixed in version 4.0.8-2+deb9u1. For the testing distribution (buster), these problems have been fixed in version 4.0.8-3. For the unstable distribution (sid), these problems have been fixed in version 4.0.8-3. We recommend that you upgrade your tiff packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlldUoUACgkQEMKTtsN8 TjbfhhAAqvjzAcIe69UhlNggOkowaWN6cQ13jaKv33fslqrM4JKqVQbrPXgqtpDv h2dEPuko1Z9kTe/euogFAY51boO23N5Usy96MRvTO055JxyzefoeC1bVCRlWM6J+ Nz03muRdegi4hctLszAnoASglc2pQhC6eHv/w30ifhwD91YqU8veWFyFxvwaeIbG jc0OTJ6Sr76oHwzoDHm2GKkxvNuxPBCoUyMXSLbCBN2XSThnUHJIdXK7bj99miE+ tcLuaRIQ2E+fIMax9YzaTllqz2s0dR15rFjHm6uLMXoTAJe7vxkLDIyMFbSYdlH4 4FAi2ZN+EGXoVxzhPFrPj6Nj5yxDtGEl4D+IuRZX+1niNElVqLg9iwMNsr0KkytG Ff12leSQcgsKsKksDKacU363p08UR01iOtUMezZm98pktaowt1J0eaaueMfWdSdP OzfzUTjWBttYjM2jCPl6YI6vKldRNBs0nguj2Ma+VbQxe5VKR7FbosRaJk9ZXgnL tgha5Nbih089PF1vFg6atFTdo3k89/6uVYhkYSDjKXLTiY5BZ7h0HtNsy2WcIxeG cXIdaB0o4SFc6LfaNbw5WJ7VIxo7ItRIRMAZWSytjaHalvZTw5zrvTrt3S/kUE+a aE+PmwjMDkNUi43HJAylPTxtNgFBk61rCJgbY8CJIEbug9XUMf4= =/Ydd -----END PGP SIGNATURE-----