Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: s390x
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: s390x Build Daemon (zani)
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as
     an argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.