Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: i386
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as an
     argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.