[SECURITY] [DLA 2147-1] gdal security update

[Utkarsh Gupta <utkarsh@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : gdal
Version        : 1.10.1+dfsg-8+deb8u2
CVE ID         : CVE-2019-17546


tif_getimage.c in LibTIFF, as used in GDAL has an integer overflow
that potentially causes a heap-based buffer overflow via a crafted
RGBA image, related to a "Negative-size-param" condition.

For Debian 8 "Jessie", this problem has been fixed in version
1.10.1+dfsg-8+deb8u2.

We recommend that you upgrade your gdal packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS


Best,
Utkarsh
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl5yiMsACgkQgj6WdgbD
S5ZTaxAAyvdxm+h/KjBENuVMOkTN9ncZOg+W+osUgqOThuCQv5tjSrrf0dn4njbE
DcFBaD71xwckL++8ZEOWtrzPZ1SBr43se9+yM/cQsO15Uahh7adPhvMa9YdPYB0V
QQLVq5XEG+rxpg7hCPS6wxsq7M3sQ4Mg4fuElxbcRQT+GX1sU1KWHn+24dLS5JWg
3NL5hmMF9MGt12qLGydR8Cw8oG+gcbaxXasNyg6bUThtIOPxqNZ8KLc3YEiuA2wt
1GMZAs/LqOaHJ4vRnmkPcqKoZjrtCBNHBWCYl+Y/pO4AZA3YDak+u9O8GiRnc4bu
4Kw6HpX/f5MHJsLdn4RhLLY7FVdYyznv+M0H0dhnEYg7xa87sBGzgpPKTh3sO8gM
qHl+Pf4z/thoeyFHI0CDsjsVUFluEZyAscOf429dOo9rnguKiiV97n+AH5+i8qVk
8D3V4mRmXTHFyjD5YT+ze+xLv33Cin9TXaSrSahPdRoR/efb9M/MNBWg3EmE5gdH
S6funLo+aFwhGatD4n8qyKg+ypP8x2dBeZB5LcM6+8hPYC9z99KgQz0VNR2RKcj7
Uk5RIpAFFtzDT9LqbqPbWdedjlIXgZ9/kjIxxqW5qDVzCNWuOC19+R2Wg/3+VTYK
NCTNsLVqHdpqvtA1TH5KyNXrtHG7MX0xohGoJlwVSlI2wBNr+FA=
=wyVh
-----END PGP SIGNATURE-----