File _patchinfo of Package patchinfo.3178

<patchinfo incident="3178">
  <issue id="975069" tracker="bnc">VUL-1: CVE-2016-3990: tiff: out-of-bounds write in horizontalDifference8() in tiffcp tool</issue>
  <issue id="974618" tracker="bnc">VUL-1: CVE-2016-3623: libtiff: Divide By Zero in the rgb2ycbcr tool</issue>
  <issue id="975070" tracker="bnc">VUL-1: CVE-2016-3991: tiff: out-of-bounds write in loadImage() in tiffcrop tool</issue>
  <issue id="974614" tracker="bnc">VUL-1: CVE-2016-3945: tiff: Out-of-bounds Write in the tiff2rgba tool</issue>
  <issue id="974449" tracker="bnc">VUL-1: CVE-2016-3622: tiff: Divide By Zero in the tiff2rgba tool</issue>
  <issue id="2016-3945" tracker="cve" />
  <issue id="2016-3990" tracker="cve" />
  <issue id="2016-3991" tracker="cve" />
  <issue id="2016-3622" tracker="cve" />
  <issue id="2016-3623" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>fstrba</packager>
  <description>This update for tiff fixes the following security issues:

- CVE-2016-3622: Specially crafted TIFF images could trigger a crash in tiff2rgba (bsc#974449)
- Various out-of-bound write vulnerabilities with unspecified impact (MSVR 35093, MSVR 35094, MSVR 35095, MSVR 35096, MSVR 35097, MSVR 35098)
- CVE-2016-3623: Specially crafted TIFF images could trigger a crash in rgb2ycbcr (bsc#974618)
- CVE-2016-3945: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via tiff2rgba (bsc#974614)
- CVE-2016-3990: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution (bsc#975069)
- CVE-2016-3991: Specially crafted TIFF images could trigger a crash or allow for arbitrary command execution via the tiffcrop tool (bsc#975070)
</description>
  <summary>Security update for tiff</summary>
</patchinfo>