-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: ppc64el
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) <buildd_ppc64el-ppc64el-osuosl-01@buildd.debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz <debian@alteholz.de> ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) <gcs@debian.org> ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as an
     argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
Checksums-Sha1:
 6be021e8facee8ad0719905dd128f036f3220cb1 409872 libtiff-dev_4.1.0+git191117-2~deb10u4_ppc64el.deb
 310cfa4a626eb0af55590d7e050b31df0bb288ff 15596 libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 e49446e3bccfee6cc79d1c8f6186d45f8654d6f8 123408 libtiff-opengl_4.1.0+git191117-2~deb10u4_ppc64el.deb
 31aeb64bcc223ce65553591c0c64517446b6a65e 426336 libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 1f59a1bbcc85b592e176e089f83101ec14c8a4d2 314804 libtiff-tools_4.1.0+git191117-2~deb10u4_ppc64el.deb
 2b8a78fd04ce2af76be50be1152d0f06f3ecc8fc 494012 libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 cb83ed02f71b978b6c411d9617a747030f4ff1aa 114032 libtiff5-dev_4.1.0+git191117-2~deb10u4_ppc64el.deb
 2c27404a3b73fe19e79b9aef6aad806aa172345d 280812 libtiff5_4.1.0+git191117-2~deb10u4_ppc64el.deb
 d812c938278b8a5146ad1951a1fe05596e67a0c7 23820 libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 65965f96c33d6f8fdebe3b6ab834454dbb0bea47 118184 libtiffxx5_4.1.0+git191117-2~deb10u4_ppc64el.deb
 cc1f462292593225cc878e7f9e1c3c00ba63dadc 11639 tiff_4.1.0+git191117-2~deb10u4_ppc64el-buildd.buildinfo
Checksums-Sha256:
 3e5ad4ffab0eea1cb2455bcd69206c49b357a68ccd96840fce2ab60a87d6a444 409872 libtiff-dev_4.1.0+git191117-2~deb10u4_ppc64el.deb
 376ac6886909aaad0308813803cb8e1b3bfa330164590cba9731161faedb8576 15596 libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 2bdf23dd3bb8005b6d09ab18fb2b36090e785f06685bea4200c39c8d6aaac580 123408 libtiff-opengl_4.1.0+git191117-2~deb10u4_ppc64el.deb
 81e49a2532fd0bfba9668d1ad888955ed1c79c59a9be7e12d7a5a3135d2ec3c4 426336 libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 11fc204b0e3d3f211fd3387349a4ea2e7707d4be55dc696c0d4cea05a72826ea 314804 libtiff-tools_4.1.0+git191117-2~deb10u4_ppc64el.deb
 95966085e37196b790efb9ad63ba4bc88e9ee8697780d77f8f213ad02b1b6d78 494012 libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 33748763a8b54ab7fbe926434031771b2565a43f38a9f47d2f02499d955e10bb 114032 libtiff5-dev_4.1.0+git191117-2~deb10u4_ppc64el.deb
 4240aadbe3df0443a5f7454624c0d0f01fa7b56dbe66dbec6291122129e90395 280812 libtiff5_4.1.0+git191117-2~deb10u4_ppc64el.deb
 193f8f5fe038ede18d176355821ced292ac59b29da8645e499701a0662455865 23820 libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 f65a6270028fc8fb64e525ae2aabc229b4b1cf149bd2aedf0fc9e4316eb387e8 118184 libtiffxx5_4.1.0+git191117-2~deb10u4_ppc64el.deb
 22f2fe61e2089a9e33bcaaacd80c7796f0b85fafcf2364e9ab42d8c62b3f2b15 11639 tiff_4.1.0+git191117-2~deb10u4_ppc64el-buildd.buildinfo
Files:
 31c83e9c0e383162b1c9ee287640b790 409872 libdevel optional libtiff-dev_4.1.0+git191117-2~deb10u4_ppc64el.deb
 f8bc8a17411c896f7f7d6eedc3d64c4a 15596 debug optional libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 9c837c302fca70762dbc87e6e7116580 123408 graphics optional libtiff-opengl_4.1.0+git191117-2~deb10u4_ppc64el.deb
 c82f1cd7772955194f195a856d61aae0 426336 debug optional libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 3e3fb7f918e03030bdeaaf7b650bead6 314804 graphics optional libtiff-tools_4.1.0+git191117-2~deb10u4_ppc64el.deb
 17e3ebce7d4f2e5cccc1712a3297ea1d 494012 debug optional libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 dca82a579b85cfb7ddecd1d5beea9663 114032 oldlibs optional libtiff5-dev_4.1.0+git191117-2~deb10u4_ppc64el.deb
 ab9c4ae6410187926651ea99908e8bbf 280812 libs optional libtiff5_4.1.0+git191117-2~deb10u4_ppc64el.deb
 23c65ceebfb13b8167bd3276048b393b 23820 debug optional libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_ppc64el.deb
 05aaeb3ef43265483694d471a34f3785 118184 libs optional libtiffxx5_4.1.0+git191117-2~deb10u4_ppc64el.deb
 366f3021cc6308b774a1ec000bc0ada6 11639 libs optional tiff_4.1.0+git191117-2~deb10u4_ppc64el-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEzxcBZLbWYROS8SGLQ0vh8H8HxvwFAmI7XX0ACgkQQ0vh8H8H
xvzn3BAAhpE8Gf8U3SpdOFRLVss8e4Ur+ZN1wOYQlxZ7WlW7cQ7UTYAq8e0Z5ruw
RVA8wsgGTZPUHcTOuiHVHDj5zTa9zegkP+SanbcxBFsKQ+AA8G9L63Skbza9yzsk
KXF4m/mBORXSGUKtmnKZZdci66O9VhcLcTvpPejmbRMdLpsLomZdkiE8SVcAnyFj
B3jPKum4DqLHBhbRwmUkk3p9gWZejcUC/OB+xzut94WCCIPXEBNPtdzakQUI8cWu
MrhASAaxeIVP51fC644q9A+24l68Zrfd6t6bJ3q1wMKnaHqwvwplBiBYcK4+oLFo
duHeGncgTonHCo43fC4q15ceWHEHWDj5Ks1691tXhphPvfyIeRtdLan4T/h7vICs
0YSUqNbfM5fBfK2xzBy3Ox4t4YdWKsW5Yrfsx6QLZehmZDwCBkzx0E4MvITUMsMW
hsb14i2BZicKHx2oDsQ2aZL0NW00Xsv0neY1T7k2Ysflu4+v5U9voiS+8zTVeqm4
Vz/QlP+0eGr2wOZj+94caDtrNwDG78wT33RMDXB3GiiCo/iXqYlKl14fKXKZ0ZAv
hMzC1m6GAtiVZi4KORwgsO5FjbuxZkc2cJE8gls/tO9WV3XvgRB+0zIk2BcffWGT
JR3FBzdcX8unk+6wdbWlWbLcp5UJq1OXHeS9PXzEr+s9RuNZcyI=
=ozOQ
-----END PGP SIGNATURE-----