Hello LTS team,

Apparently, I've sent the following mail thrice to the -announce
list but it doesn't seem to be going through. Could somebody
please send the below announcement from my end? TIA! \o/

The website update has already been pushed long back.


- u


On Sun, Oct 3, 2021 at 8:35 AM Utkarsh Gupta <utka...@debian.org> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> - -----------------------------------------------------------------------
> Debian LTS Advisory DLA-2777-1              debian-lts@lists.debian.org
> https://www.debian.org/lts/security/                      Utkarsh Gupta
> October 03, 2021                            https://wiki.debian.org/LTS
> - -----------------------------------------------------------------------
>
> Package        : tiff
> Version        : 4.0.8-2+deb9u7
> CVE ID         : CVE-2020-19131 CVE-2020-19144
>
> Two security issues were found in TIFF, a widely used format for
> storing image data, as follows:
>
> CVE-2020-19131
>
>     Buffer Overflow in LibTiff allows attackers to cause
>     a denial of service via the "invertImage()" function
>     in the component "tiffcrop".
>
> CVE-2020-19144
>
>     Buffer Overflow in LibTiff allows attackers to cause
>     a denial of service via the 'in _TIFFmemcpy' function
>     in the component 'tif_unix.c'.
>
> For Debian 9 stretch, these problems have been fixed in version
> 4.0.8-2+deb9u7.
>
> We recommend that you upgrade your tiff packages.
>
> For the detailed security status of tiff please refer to
> its security tracker page at:
> https://security-tracker.debian.org/tracker/tiff
>
> Further information about Debian LTS security advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://wiki.debian.org/LTS
> -----BEGIN PGP SIGNATURE-----
>
> -----END PGP SIGNATURE-----
>
