-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 15:57:56 +0100 Source: tiff Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym Architecture: amd64 Version: 4.2.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-csail-01) Changed-By: Laszlo Boszormenyi (GCS) Description: libtiff-dev - Tag Image File Format library (TIFF), development files libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: 4199958f8ba6472c6ebbfc0460e5564e11a58667 415248 libtiff-dev_4.2.0-1+deb11u1_amd64.deb 46e4e9fa1d05bab867da50877e89d1b028bdd9f0 14580 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_amd64.deb 07541b7e88878f9b524a5f86fe45a8e7804b89cf 133372 libtiff-opengl_4.2.0-1+deb11u1_amd64.deb 3917dfb409929b12d533325a50b5f75a59f09847 423172 libtiff-tools-dbgsym_4.2.0-1+deb11u1_amd64.deb bb81a7545268ad1388c7e0796abfd857f3d9c0f4 321812 libtiff-tools_4.2.0-1+deb11u1_amd64.deb 4b01a1e1beb18f8b4fd35afea7784a476ad542de 441652 libtiff5-dbgsym_4.2.0-1+deb11u1_amd64.deb 543b4e418d45e10a82ba38112be2bf37993895b7 125072 libtiff5-dev_4.2.0-1+deb11u1_amd64.deb e3e9bab80d9fb2ae94f0b875368fff571524a7fc 289376 libtiff5_4.2.0-1+deb11u1_amd64.deb 390ae1d4ee5ad1ea0c4260beb2d5c8da570696c0 21676 libtiffxx5-dbgsym_4.2.0-1+deb11u1_amd64.deb 32b36a54ef832bd5bc4389cdc18eeb50e0e82341 128448 libtiffxx5_4.2.0-1+deb11u1_amd64.deb 07731d9a3d0ea0087f501a3c9844e43c163e2c75 11005 tiff_4.2.0-1+deb11u1_amd64-buildd.buildinfo Checksums-Sha256: 9936e0503ad418bab17e59dcf67a39c752a3d489b2f3d228b59e07fdcd4860e1 415248 libtiff-dev_4.2.0-1+deb11u1_amd64.deb d5f02035e42a073d30e1fa5a0f2a9d1ec40d078cd6521d3c46a0df479e81baca 14580 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_amd64.deb 7b2a467e031165e4c056d478dfec4f80cfcddd1b30f5f691f17d4f3d06807a61 133372 libtiff-opengl_4.2.0-1+deb11u1_amd64.deb 700d67ec8e7a5a0fa72be670a5d5b5849a1f0057fdb0d79f37d4efd22f6814e0 423172 libtiff-tools-dbgsym_4.2.0-1+deb11u1_amd64.deb 4bf51531ae1ae4b969dca7455e3475d13a97a87103191434efce5b789583faa9 321812 libtiff-tools_4.2.0-1+deb11u1_amd64.deb 66ef9935d508b89564e12da20a680e4dcbdb0575cef842d81e658e1cf4d6c72d 441652 libtiff5-dbgsym_4.2.0-1+deb11u1_amd64.deb 51c303958964130eeaa3b5b4737a207f161e61276bbbbd1740c50e2382b5092f 125072 libtiff5-dev_4.2.0-1+deb11u1_amd64.deb b22d25e14421a36c4c3b721c04c6312d79ccd91c9a0e2291f58e36b8d4a07fbb 289376 libtiff5_4.2.0-1+deb11u1_amd64.deb 7e80a0b02c4ad5b3898283001985d356dcad798879583245eea68cce2d94ea07 21676 libtiffxx5-dbgsym_4.2.0-1+deb11u1_amd64.deb bf54e53c47a81c51068b03fee8a53c6bd53a6c115218c34904fe69c4f725c9e0 128448 libtiffxx5_4.2.0-1+deb11u1_amd64.deb c3ab24c24ef290e830ec54d3db83a6e6ac790f1766a573eaa1e856c4a7b01100 11005 tiff_4.2.0-1+deb11u1_amd64-buildd.buildinfo Files: e36536b45900823b1b1977bc28083afa 415248 libdevel optional libtiff-dev_4.2.0-1+deb11u1_amd64.deb 1486c0e50f886a330876373dfd336ffb 14580 debug optional libtiff-opengl-dbgsym_4.2.0-1+deb11u1_amd64.deb 9e71257ef3bd5990cfd0f229c988166e 133372 graphics optional libtiff-opengl_4.2.0-1+deb11u1_amd64.deb 85bfc84dcc15ad7c2750dbb8d88975e2 423172 debug optional libtiff-tools-dbgsym_4.2.0-1+deb11u1_amd64.deb 7f0694e2b9140c570de580ec74e6d0eb 321812 graphics optional libtiff-tools_4.2.0-1+deb11u1_amd64.deb efbd6f70f57647bb9ce1a1bcfb0914ff 441652 debug optional libtiff5-dbgsym_4.2.0-1+deb11u1_amd64.deb 13e58f36bd161275d8b7c4772ab51a63 125072 oldlibs optional libtiff5-dev_4.2.0-1+deb11u1_amd64.deb 60a30eeb533dce6f648eaee65ad66111 289376 libs optional libtiff5_4.2.0-1+deb11u1_amd64.deb 0fa433ef3cccf76272f36952b67a83fd 21676 debug optional libtiffxx5-dbgsym_4.2.0-1+deb11u1_amd64.deb 076dfa5e3fea0879f9d67f23f0ba0a6b 128448 libs optional libtiffxx5_4.2.0-1+deb11u1_amd64.deb 3365a7adb41c538a9aefd39da1258b5d 11005 libs optional tiff_4.2.0-1+deb11u1_amd64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgTtIulJqCiUOC8/RqX+JKfZgT24FAmI7XbQACgkQqX+JKfZg T25UxA/9H2NQ1JZgCMGt8utEPd2gRQGZPLF+w1NElNpKOqFX8negv4TWvec7UUOL S/XjR63j1oMlqRGTpGDOudoNTZOk+qSQ0c4SYsCWTlovuhnmh43D7G2gpsLb8/ok XV9cGpy+Sw6rQ8RaTCOLDPjz9YN2TN9ReEieMrtKTHmT3vmZlWHVNDZZ8oOjGYoX xfSuzPHy5JoaLZ2K7GjVxm1IfE8K8BKXloz4ceGyMLY7UZsICEBZzzBc17fVJ/9T XpYSW0vDDZm3BpGsTdKRZ8uDsKCBtwUPXb6oaWKQ53jI4juDQwfW3BXFNLOvNunE brB3BlQjehjvBIwm67+pJ9Ouxkk+RWMZB50F5k8JNnw95/bpu1UfuvXJ6YHVKczF neL5gtClrgTsFjGiQByO+DBLru4H4+8eul9Apv6kHtllALNLTMAtgRvT6ukuAT3A 6ldLmUvM0VFypY3kKu1NHdlWiGlNq0BV7Gv96WBDwCXxHBN0eMfcAfUARAt+d4+M is/JhVDkjEoPth+kNZ3I4nXsgqRZ3cIFDOY+cVHA+VINgzX3gXVFKhniJP6QTofn WJEbVPgTd5rHIk8PuJgVFAWH7lnpmya4zFbf53BJ6apKswb6nigYdqQKliRLL8AQ 1rb+DUndBxH10pUhUOuoFuUGxQOB6ZZ/dSwhosCSiBxUzMMJ/wA= =d1Ng -----END PGP SIGNATURE-----