Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: arm64
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-03)
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as
     an argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.