Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: armel
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-05)
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as
     an argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.