Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: mips
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: mips Build Daemon (mips-manda-01)
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as an
     argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.