-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 15:57:56 +0100 Source: tiff Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym Architecture: arm64 Version: 4.2.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-arm-04) Changed-By: Laszlo Boszormenyi (GCS) Description: libtiff-dev - Tag Image File Format library (TIFF), development files libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: 6aafbf8823d597870aac3a79a8c884f2cdf7ab39 404644 libtiff-dev_4.2.0-1+deb11u1_arm64.deb a567f5dcbbb76514460ac2d063b89c9113145dba 15016 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_arm64.deb a6ee59160da3af215af3e5ff25db5c28c624b64c 133096 libtiff-opengl_4.2.0-1+deb11u1_arm64.deb 91bf11ccd5b44514c711cf40f25e24a66aebd294 418316 libtiff-tools-dbgsym_4.2.0-1+deb11u1_arm64.deb d1dfe32c2fcd5a5f5fae2c521ae3abc83e0610a9 307220 libtiff-tools_4.2.0-1+deb11u1_arm64.deb 760d6b00970ee5a5569331bfc83becdad3b78b15 440540 libtiff5-dbgsym_4.2.0-1+deb11u1_arm64.deb 0760a62f9c869a5c27d4acbdd8a33a108f758187 125072 libtiff5-dev_4.2.0-1+deb11u1_arm64.deb cbf4b8ab622fde638b58e629405cbc5c57ff4df7 276992 libtiff5_4.2.0-1+deb11u1_arm64.deb 28f7283bb160e633535fd0ac16831650894cb3ec 21712 libtiffxx5-dbgsym_4.2.0-1+deb11u1_arm64.deb adcd68d3f5ccf447560124ab522de515acdbcc47 128384 libtiffxx5_4.2.0-1+deb11u1_arm64.deb b0126a299b944688d700ed5ea5db0ea6594c4716 10918 tiff_4.2.0-1+deb11u1_arm64-buildd.buildinfo Checksums-Sha256: 7a399d4215c787f8f78abec0d96822559a16d33d73750d588079c7445da02bef 404644 libtiff-dev_4.2.0-1+deb11u1_arm64.deb 41ab76188b09aafeb6bba360a4c1a11cae889e44225bfc8e00f1398462838ceb 15016 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_arm64.deb ee52f1960349b987252c3970502720c2d5a1f05f515c583a3a01d64927018ece 133096 libtiff-opengl_4.2.0-1+deb11u1_arm64.deb 3c56ba400b978d5b60a82104e5ebcddc101828a4c952cdbfcd082808698fa74c 418316 libtiff-tools-dbgsym_4.2.0-1+deb11u1_arm64.deb a8080e4d74b3d389d3a5287a60ace2bd749ed09176d614cef4d6848b4e8247f1 307220 libtiff-tools_4.2.0-1+deb11u1_arm64.deb 6bf5af74006e011268177a0d2280ebf7259fcf1b1119edda97ea036d574a05ff 440540 libtiff5-dbgsym_4.2.0-1+deb11u1_arm64.deb d3a95ab68420bc71a90c48f428f42ed0f0ca899845ba455b4fe53f49746bf3db 125072 libtiff5-dev_4.2.0-1+deb11u1_arm64.deb fdb29f5dcae827ef3485c4395f2937e8880e3022fb72757965888e83bb096b6f 276992 libtiff5_4.2.0-1+deb11u1_arm64.deb 0be205cc9d6485ed930805fe18e9a4bf137d8dc073b90b9078c47cdd52bfa441 21712 libtiffxx5-dbgsym_4.2.0-1+deb11u1_arm64.deb 5126597feca5b7f97699c1f38596be99b9db7422c6c521b8270d5a0389606654 128384 libtiffxx5_4.2.0-1+deb11u1_arm64.deb 4404d06546205ef27e638568dab2396910e4d58a4f1e6fb0e8a23d36a0398fad 10918 tiff_4.2.0-1+deb11u1_arm64-buildd.buildinfo Files: 9ab3d926ab5fa0b8d2a2f0ff6695bc72 404644 libdevel optional libtiff-dev_4.2.0-1+deb11u1_arm64.deb 988b9bae8b81ed22b26fa3fb137300f2 15016 debug optional libtiff-opengl-dbgsym_4.2.0-1+deb11u1_arm64.deb f4542f30bfe9ce7cb3ad3b12cbcc1d6e 133096 graphics optional libtiff-opengl_4.2.0-1+deb11u1_arm64.deb 8d4979cd67287de0fe63a8d63366af6b 418316 debug optional libtiff-tools-dbgsym_4.2.0-1+deb11u1_arm64.deb 770a694a5a9d7d78a1a2bfcbd7ae3b4c 307220 graphics optional libtiff-tools_4.2.0-1+deb11u1_arm64.deb 642e12224ca59cb8a4b5fdfe2b5edc0d 440540 debug optional libtiff5-dbgsym_4.2.0-1+deb11u1_arm64.deb c2bf45c1ddf54a924bb62723737663dd 125072 oldlibs optional libtiff5-dev_4.2.0-1+deb11u1_arm64.deb df6d94fc5e176fcd94dcf027cd96dac3 276992 libs optional libtiff5_4.2.0-1+deb11u1_arm64.deb d3751a46acac3dfb156a91e03e23d8f7 21712 debug optional libtiffxx5-dbgsym_4.2.0-1+deb11u1_arm64.deb 4f11143f02676b470a5ce4ca48eb7ca3 128384 libs optional libtiffxx5_4.2.0-1+deb11u1_arm64.deb 0a2d31664e6765b841ac2fef53a5d89e 10918 libs optional tiff_4.2.0-1+deb11u1_arm64-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEGFZGCBbRr4pxWlfP0mfhJswyuHsFAmI7XcgACgkQ0mfhJswy uHuOcw//acfNAC6xcdiYcWcJddG9riGlFPnbUzakSU+OyDvTi3nrZemQ6ySlLxcP PFRJSlc4/nrl7+zH3+OPkAc9Ue7UM2P2m8+m2FOX/HRUgFkAqRo2yMZ4ZI7tj9zo FbwjvMhoasnJVR2Lqss9kyMkfHETphVMtz4T2LCGXfBwURlJTKTgEUiV0f3k74E9 DSnEWZsIhTqmgvBEnlp/7ew9fdicQb3zxWyxBh6pCxHau0endivNZLdWp19OX35R c1/3pFVF7HgDV7n+ZmSSdaTkBciq8nDd+vCy1IoFgumi1iH2UmneQAjrG+QBoANr 3eRfbMh0Gk/pUIk8qL6Vu020XG7xg+67+Nduoi+Xm368sy/U3SmJVnwq5K/mLotN +2OC3mCFrGxbKkblrmZVSw5THwUOrncB5C/XCMmNs2O/wj2c8Kc0ACyhCVLetMXw vSQPLAmGOljYk1iTDiKMisRWhebgpkO8GgKn95Ve+4ovLIJrla/35PCgeyR2Rz8a roXUNerInKNif9l7PZwTuLYZLArAZQcDt4eADjrhkPC8XOlywMB91l1suUsvEKEK 602HYizOtmnWeznpi2kMgPj/m7Cs9D0944t7e0zciSDfN3AM46VHx1hbOreoFFPY JFcoOpxLMFbEXPaMhNPxu841RI6xEZkiswHrvjq5xWou+N/e/QQ= =lHY6 -----END PGP SIGNATURE-----