Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: amd64
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-02)
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as
     an argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.