OVAL

SUSE-SU-2018:3879-1 -- SLES tiff, libtiff

ID: oval:org.secpod.oval:def:89002537
Date: (C)2021-02-26   (M)2023-12-26
Class: PATCH
Family: unix




This update for tiff fixes the following issues:

Security issues fixed:

- CVE-2018-18661: Fixed NULL pointer dereference in the function LZWDecode in the file tif_lzw.c.
- CVE-2018-12900: Fixed heap-based buffer overflow in the cpSeparateBufToContigBuf.
- CVE-2017-9147: Fixed invalid read in the _TIFFVGetField function in tif_dir.c, that allowed remote attackers to cause a DoS via a crafted TIFF file.
- CVE-2017-9117: Fixed BMP images processing that was verified without biWidth and biHeight values.
- CVE-2017-17942: Fixed issue in the function PackBitsEncode that could have led to a heap overflow and caused a DoS.
- CVE-2016-9273: Fixed heap-based buffer overflow issue.
- CVE-2016-5319: Fixed heap-based buffer overflow in PackBitsEncode.
- CVE-2016-3621: Fixed out-of-bounds read in the bmp2tiff tool.
- CVE-2016-3620: Fixed out-of-bounds read in the bmp2tiff tool.
- CVE-2016-3619: Fixed out-of-bounds read in the bmp2tiff tool.
- CVE-2015-8870: Fixed integer overflow in tools/bmp2tiff.c that allowed remote attackers to cause a DoS.

Non-security issues fixed:

- asan_build: build ASAN included
- debug_build: build more suitable for debugging

Platform:
SUSE Linux Enterprise Server 11 SP4
Product:
tiff
libtiff
Reference:
SUSE-SU-2018:3879-1
CVE-2015-8870
CVE-2016-3619
CVE-2016-3620
CVE-2016-3621
CVE-2016-5319
CVE-2016-9273
CVE-2017-17942
CVE-2017-9117
CVE-2017-9147
CVE-2018-12900
CVE-2018-18661
CVE    11
CVE-2018-12900
CVE-2016-3620
CVE-2016-3621
CVE-2016-3619
...
CPE    6
cpe:/a:libtiff:libtiff:4.0.3
cpe:/a:libtiff:libtiff
cpe:/a:libtiff:libtiff:4.0.7
cpe:/a:libtiff:libtiff:4.0.6
...

© SecPod Technologies