Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: armhf
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-04)
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as
     an argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.