-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 15:57:56 +0100 Source: tiff Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym Architecture: armel Version: 4.2.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Laszlo Boszormenyi (GCS) Description: libtiff-dev - Tag Image File Format library (TIFF), development files libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: e3dbfde5b9a12717fedf1cdfd0e148c49b02a835 396956 libtiff-dev_4.2.0-1+deb11u1_armel.deb bc771f8bc65bb34d8efba219a83f89331b3a2fc6 15692 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_armel.deb dc6ec63a11fea83abbdc65ed4cb5eb25a95c98d7 134852 libtiff-opengl_4.2.0-1+deb11u1_armel.deb 26b5b901ac3435acfbb121ddb7af44720c467f09 415800 libtiff-tools-dbgsym_4.2.0-1+deb11u1_armel.deb 813fe6e72486c5c578cf6a8c2bb82b8aaf0c3da1 310680 libtiff-tools_4.2.0-1+deb11u1_armel.deb 80d5ce1ea34cb22b20e0f7f8526129dde5b0692d 422600 libtiff5-dbgsym_4.2.0-1+deb11u1_armel.deb 0d33bbd2919b017c6a0576a0db955383048bd0ed 125072 libtiff5-dev_4.2.0-1+deb11u1_armel.deb 3eccbdb88db754e3d49fa2cd2e02d2c2bc91561f 271436 libtiff5_4.2.0-1+deb11u1_armel.deb 1a4678663088fe4a0624b3193db5c7cea7b55db1 22184 libtiffxx5-dbgsym_4.2.0-1+deb11u1_armel.deb 3824e1efb644c5ce059d69611593dd421aec055e 128540 libtiffxx5_4.2.0-1+deb11u1_armel.deb 5390015c078d20769cbdb79326e00d693df394a7 10847 tiff_4.2.0-1+deb11u1_armel-buildd.buildinfo Checksums-Sha256: 91903f61cc5574e2be3ceac7e874b82305ae92927621fba58828cd78480433a4 396956 libtiff-dev_4.2.0-1+deb11u1_armel.deb 8b8b2d75ce40546fc42fd006f03d89abb8a7a6a8223e096a5b2d7e14c564ee3e 15692 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_armel.deb f636f12410e4e17b5d151a1e59f0b9ef8ccd9cc88574d653c1d54a292dde4c65 134852 libtiff-opengl_4.2.0-1+deb11u1_armel.deb 8a4ccc6062ae8007d31a9f1a190fe3e7cccf7392b4aebb406c2a932b5c8b2df2 415800 libtiff-tools-dbgsym_4.2.0-1+deb11u1_armel.deb 7ed69d643fb6ca41ade78b40dc7bafce56f5d13193999f37913547f130507414 310680 libtiff-tools_4.2.0-1+deb11u1_armel.deb e64729c908c0e7534b55a3bdd2f9447fc21bf8bbbd9423b965c0c8eb04a7990a 422600 libtiff5-dbgsym_4.2.0-1+deb11u1_armel.deb e5879fbf38fcd00f9ac04e0c6dda5ffe1a81d4dc1b2cbadc0569710729ae6f63 125072 libtiff5-dev_4.2.0-1+deb11u1_armel.deb b3aef05b110a90aa89cd1249b4304c092cce278e7a8e73fb058f15a9a61b94d0 271436 libtiff5_4.2.0-1+deb11u1_armel.deb a3e790fdee5869706998274ae8b824f99c9d666d3e8f422a14751320000fbc3a 22184 libtiffxx5-dbgsym_4.2.0-1+deb11u1_armel.deb 53295f1fc63ea8f63089342b5d494f9de7969cc70d6011fd12938f36a60ebcb6 128540 libtiffxx5_4.2.0-1+deb11u1_armel.deb 42a8232214f2fa502bf6f6fb4a0ef7bf4c7396ff482e1a4ba0a5b118dff2a31f 10847 tiff_4.2.0-1+deb11u1_armel-buildd.buildinfo Files: b7fa370ae2fe371cb2066db6d791ea4b 396956 libdevel optional libtiff-dev_4.2.0-1+deb11u1_armel.deb 13111565395d9d857512fcec100c4d5c 15692 debug optional libtiff-opengl-dbgsym_4.2.0-1+deb11u1_armel.deb a90930d86cbbea0fdea86c34df189fbc 134852 graphics optional libtiff-opengl_4.2.0-1+deb11u1_armel.deb 0bacaa6f2cc8fe3a4011f8a333cd4873 415800 debug optional libtiff-tools-dbgsym_4.2.0-1+deb11u1_armel.deb 193aadb726e948d36d795e90e3a5ad7b 310680 graphics optional libtiff-tools_4.2.0-1+deb11u1_armel.deb 09f3a3d00c041a483e45cc80ac4d1d97 422600 debug optional libtiff5-dbgsym_4.2.0-1+deb11u1_armel.deb edd9cc8a6d4a0d1ea98ac5040a67af56 125072 oldlibs optional libtiff5-dev_4.2.0-1+deb11u1_armel.deb 9d2153fa4ecb3431b3af8869fd93ece7 271436 libs optional libtiff5_4.2.0-1+deb11u1_armel.deb d9c933f69aceb5928df34e501ac59d83 22184 debug optional libtiffxx5-dbgsym_4.2.0-1+deb11u1_armel.deb ac803b906a64eebd0730ec88161a75b3 128540 libs optional libtiffxx5_4.2.0-1+deb11u1_armel.deb 74359495bbcdb68545353ee7c6b3cdcd 10847 libs optional tiff_4.2.0-1+deb11u1_armel-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEiJiL30/whmFir9VAvQRvLIDzBdUFAmI7XWsACgkQvQRvLIDz BdWghBAAioWkC9TZjcPbXEqkqpjYMTopwc0KlpzwS815VnvTIewN7skZk+k6dL73 RkmvlhZd91u46MlD9AHVGHqdaEaZdira24AcDj0nyjhNbeIgwuOd6iPrWO+3VQ0k X/wS0kDBjoe9MJGdsHxtx2UGfnMyyPidldraYJon2GiCUNXSzXaP73LBWgYYL6/6 tAXvbSMegKoN8bxhuPUO/9K1UFOgYiZdU8cLp9WGwAATdsOQmd71S90uV2GrVTq+ HUvwyb7BsfXPW2AMA8zy0RurA5bWtXl0rfe0i3bhqCoWHtD8DssTT/RwPa0v9pGD dahU0wREZL1+RSe+ppTzvFTP67aY7abwlg1nYxgU9SvdCNhBAqUrArJrL9nhbgPf w0x67mt487I2eA5uzuv7rM223+H0P+hjfTLvYiLrJ5Bceh5Wy0jvIZ/+IcGgWOyB DOawWlSRLteYfBHbO4J/KqLPC3FhXa9jTSrR5v7094V61PMjWabUtTFSFeb7ZQS2 OPCskobIowE8NS6pg4eJryfIrp1ofMGTlGL/GdwS6l0e9wzQTpAUEETUhLib7dtz iHlg16uOzhqLlDWhrX3ZH4dbZGiezGWbbDJZfUB2a0N8frBNgGi0Y73A1ziGC7nd Cyiz+gVVU3AkY9JH9ox3lIdAxYXye//QascrAy9nLzA6Y1qQw4o= =68vT -----END PGP SIGNATURE-----