-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 16:03:21 +0100 Source: tiff Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym Architecture: mipsel Version: 4.1.0+git191117-2~deb10u4 Distribution: buster-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-manda-05) Changed-By: Laszlo Boszormenyi (GCS) Description: libtiff-dev - Tag Image File Format library (TIFF), development files libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: 01400ee97ac7f3677511bba40d745f1628d3f80a 403892 libtiff-dev_4.1.0+git191117-2~deb10u4_mipsel.deb 7fd4528bde0ae32b00d5811b621861182766b1be 15112 libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb 335a00ed7f5eb5ca46a26e4ed57a507912789a08 122440 libtiff-opengl_4.1.0+git191117-2~deb10u4_mipsel.deb b4cea50436c4cbc7db2b615e433c261f06580bfc 420112 libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb f1983971c2f3669c28bb48dd86bd6ef507cdf9ca 296620 libtiff-tools_4.1.0+git191117-2~deb10u4_mipsel.deb 737999cd7e97580dfb14fc6a4e9e11d713307538 489008 libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb 9c1a246fc59c77f9c7bae42df1551f1b2b6ef609 114032 libtiff5-dev_4.1.0+git191117-2~deb10u4_mipsel.deb 51cf247cca717379f22ad62bd12c477dc9122f4f 257036 libtiff5_4.1.0+git191117-2~deb10u4_mipsel.deb 5f54ace8251cfd4d125935a7239453316361bb42 23344 libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb 5386ab43706b95b2c733cfd144358e3da5d6e64a 118228 libtiffxx5_4.1.0+git191117-2~deb10u4_mipsel.deb 90f16f2674fdfe9da3f7fd74ef46c62b554318cc 11460 tiff_4.1.0+git191117-2~deb10u4_mipsel-buildd.buildinfo Checksums-Sha256: 277b33a2d9baac9be933f7b51537f0f06dc34f412c0b77bc581955b81c923896 403892 libtiff-dev_4.1.0+git191117-2~deb10u4_mipsel.deb 893514402ca372aed2368ef793704feb23cbb61b9a6a9e23d3d197c6374b1270 15112 libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb f851c18ebde8b18ceeca09adbb6c5a34d1d4c71a2d71097ba0a0af0a4eb1418e 122440 libtiff-opengl_4.1.0+git191117-2~deb10u4_mipsel.deb 5271fc0aed167ac8d8e81cd72375251eb334b04667cebda277e38151e396cc7d 420112 libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb e5ccade29c1130e80886103c64df03ec2c877c40fb1fb2cc3b401029968ad181 296620 libtiff-tools_4.1.0+git191117-2~deb10u4_mipsel.deb 5fc61a79473b27f8c74595803eed853783b1c87c6f044ead8653fb429d99cb35 489008 libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb 12772837d6e850ac35ab62c1239a8c9eb696d58a30e511f9b1a4dfb01926f500 114032 libtiff5-dev_4.1.0+git191117-2~deb10u4_mipsel.deb bc476e59564a3031936c18c331a39e2600a677e6c1b21f3869d8bb88100a1ec6 257036 libtiff5_4.1.0+git191117-2~deb10u4_mipsel.deb e2c90c484c4fba824e851bdc6e179d412b5c87f342ef024526807dec2a8019f5 23344 libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb bb984e911def2bd3bb4c57c61438c48d5e5a00aa7e0303f50e9b11f6b9ea8d78 118228 libtiffxx5_4.1.0+git191117-2~deb10u4_mipsel.deb 35da022a52ee0a7787ed833b834114d7dacebb129d63ee903fe391299ae2ba3d 11460 tiff_4.1.0+git191117-2~deb10u4_mipsel-buildd.buildinfo Files: 81874f773f076105ab3a67a6285bc51f 403892 libdevel optional libtiff-dev_4.1.0+git191117-2~deb10u4_mipsel.deb 4c28fe13032f2630d58dbae1ab4145dd 15112 debug optional libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb e004246dfb87853a7dc2f4cc735e79f6 122440 graphics optional libtiff-opengl_4.1.0+git191117-2~deb10u4_mipsel.deb 036b9203dd39a63c5f368628171e7eb4 420112 debug optional libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb ba065b8189cb88802d12d441533cb8b8 296620 graphics optional libtiff-tools_4.1.0+git191117-2~deb10u4_mipsel.deb 96b96cd45944c6c71413ff8bdfcdafb5 489008 debug optional libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb 0dec100a1b3054252dd48c16a7c51396 114032 oldlibs optional libtiff5-dev_4.1.0+git191117-2~deb10u4_mipsel.deb 3a25833b752be749429ff611d457a130 257036 libs optional libtiff5_4.1.0+git191117-2~deb10u4_mipsel.deb 1a60f91551f428b7a938b478e5a7c004 23344 debug optional libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_mipsel.deb 7120536900066c5b7012ff15314fecb1 118228 libs optional libtiffxx5_4.1.0+git191117-2~deb10u4_mipsel.deb 6850a7d3830375e0773a907c654ab507 11460 libs optional tiff_4.1.0+git191117-2~deb10u4_mipsel-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEQ5dTuB/7AkreZZfGPYe+ogkxLY8FAmI7iDAACgkQPYe+ogkx LY9WvRAAo6CJGzi6AOHouDGh47VZN2f84dORLgLUXbGUuY/+Y7gmwHE/pmSE1KAy NOqai0leiEm+sdCgrVImeg6Y/r1/C54aPR8oHkuRmkNszrkju3VhYgm3vAjW381h Rbg9yomw7LkU25MgsVRF73F7/IOcKE7qiotFmIgaGAXFA9nzGSvf1VBhpe6V/8AY QW9k/iMl/9mhMzMvgtdC7NoqNbGZA8Q9KHD1WbzJ9RDefzhiEzpmEGxgEJPRFJA9 5nOztBQdyOTlktclD/61oXmlsbGh6Z5KipshP8s1e9nENd9dSFyDZ7dSJO5MXPjh dtCH+1ewOvGG2xjki7r7hym2W8do2mR5Bje8gfXcuDip9ROQh++1zr95GgECwEPP E3MKO19uLW0dZF4axUfYUjkxIaBVWcnepsf46qMOUUhZzv+NumG0XIuGGr47f2va zGexnVoyUy8uSc4Ht+FeeMtcZ8g7IA5NQlBl+Yn1kKqVVrFQtal2+NRlgbhZDjjj 2usURyitjkiWQ+lcgXmhOGhn+mA98kLn/Toix/ldTQV1OMgMmMpixuCg6IlD39UJ 6al30c2oP+tQgiRQ2sDNcb3PWlfoFjtYAJzJS7vhJcVhAE4rBrdAIvMWRf0fXyAR Pk0vUeG3aizHFCS1KbKZ8Qyug8pp7v49n7wz+2fLiZWyZuqD9/w= =1777 -----END PGP SIGNATURE-----