-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 15:57:56 +0100 Source: tiff Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym Architecture: armhf Version: 4.2.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: arm Build Daemon (arm-arm-01) Changed-By: Laszlo Boszormenyi (GCS) Description: libtiff-dev - Tag Image File Format library (TIFF), development files libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: fe91e5df85702930f630d74cf1d0acdbbf2239ae 397708 libtiff-dev_4.2.0-1+deb11u1_armhf.deb 65486b97874ba2344c6e6451c73f1131ae6214cf 14920 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_armhf.deb 9408426101703df4af56cedbab1bce75512914bd 132624 libtiff-opengl_4.2.0-1+deb11u1_armhf.deb 7113b3ee5ee9350a1e6cec6294fdfb1cbbc0150f 418372 libtiff-tools-dbgsym_4.2.0-1+deb11u1_armhf.deb 38c1b41ddadc24285a3299eb2cb07ede940bc802 307392 libtiff-tools_4.2.0-1+deb11u1_armhf.deb e73f1e2eae9fd7daade218dfc47e0adb1c6a8a14 431476 libtiff5-dbgsym_4.2.0-1+deb11u1_armhf.deb 7367a3ee5b651f1ff7fa7eab2e9b0badb96b4269 125068 libtiff5-dev_4.2.0-1+deb11u1_armhf.deb ae4dfaec30ebb9148aeb3a5dfddb78661cd74692 271572 libtiff5_4.2.0-1+deb11u1_armhf.deb 62f9f4d9faa79ff2b0073c2821b5129a638c2441 22240 libtiffxx5-dbgsym_4.2.0-1+deb11u1_armhf.deb 26e6d9edd70e3851626f92419b9e23f0eb5d8f57 128444 libtiffxx5_4.2.0-1+deb11u1_armhf.deb 642feb0c266cac088ed362840bb516d01767c921 10849 tiff_4.2.0-1+deb11u1_armhf-buildd.buildinfo Checksums-Sha256: 790637f23754053ef721bd7fa538aee607d35d9a45d53ab1f88bb4687d9fa55d 397708 libtiff-dev_4.2.0-1+deb11u1_armhf.deb b5ded795b64947c3b9211704f16344bbe8b9744aa412b58ce7d7edd2c3ebd2a9 14920 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_armhf.deb 48f364a9a14c9d55539d28144434b6ce91b06b0ab2286d11f5ef5034c55c8b80 132624 libtiff-opengl_4.2.0-1+deb11u1_armhf.deb 32b3353553c21de11c4d245c075476dd4e3390cca427ffc24147eec3e726b354 418372 libtiff-tools-dbgsym_4.2.0-1+deb11u1_armhf.deb ce93303ac1c239d4a8441eb305501d8970080116b57c413b763a8d1a8c053224 307392 libtiff-tools_4.2.0-1+deb11u1_armhf.deb d1c6314928c4c0459315292713d3d2c803a7a94ef71f3cd09c7cc191c3e9d088 431476 libtiff5-dbgsym_4.2.0-1+deb11u1_armhf.deb c96c5b139062421ee3df2044e833322a74a8d45bd854e72c4cdcdd18c1e6a0ac 125068 libtiff5-dev_4.2.0-1+deb11u1_armhf.deb 8050edc0c651aa2bbaa1c7c6b063bc5641592fb70111ce04e9948e0ed4a2d5f6 271572 libtiff5_4.2.0-1+deb11u1_armhf.deb 208f0d4d26e4561e01ee26deb032ea5b5d8d4110751204d571f2bacae844ed3d 22240 libtiffxx5-dbgsym_4.2.0-1+deb11u1_armhf.deb 28f08afdbe19e90122834842f891188f37e79a908660256eeec29153665083d7 128444 libtiffxx5_4.2.0-1+deb11u1_armhf.deb 9aca092b08ce10b3919ad717f9cdee68879c8805db07a62eff670c3d659deab4 10849 tiff_4.2.0-1+deb11u1_armhf-buildd.buildinfo Files: 926e8acf099fd9870695798cd68c0a17 397708 libdevel optional libtiff-dev_4.2.0-1+deb11u1_armhf.deb 22d2a898aed90850f1afba428ef3d1d8 14920 debug optional libtiff-opengl-dbgsym_4.2.0-1+deb11u1_armhf.deb 66e3fe67dd2ccd527e9f44ca53a7199f 132624 graphics optional libtiff-opengl_4.2.0-1+deb11u1_armhf.deb 520dc0e42765fa96525358f46558c13a 418372 debug optional libtiff-tools-dbgsym_4.2.0-1+deb11u1_armhf.deb 4476fe0651f288bcfe50da70e147e8f1 307392 graphics optional libtiff-tools_4.2.0-1+deb11u1_armhf.deb b9f3d0ac12141c498fc0c3fb069e4ca5 431476 debug optional libtiff5-dbgsym_4.2.0-1+deb11u1_armhf.deb eb872fd0e80947b6b2cc300c58362e9c 125068 oldlibs optional libtiff5-dev_4.2.0-1+deb11u1_armhf.deb ad031d8a56ae270343b91b408b45c528 271572 libs optional libtiff5_4.2.0-1+deb11u1_armhf.deb c9535577047ebd34e8044b939d79c9cc 22240 debug optional libtiffxx5-dbgsym_4.2.0-1+deb11u1_armhf.deb 63f942617a8ff253ca1b3770f43f0ed6 128444 libs optional libtiffxx5_4.2.0-1+deb11u1_armhf.deb 67ce96e8a953cad61b7342e5141cd174 10849 libs optional tiff_4.2.0-1+deb11u1_armhf-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOrosGNnYCm3/302DbdsJ0BtdQQEFAmI7XTcACgkQbdsJ0Btd QQGZJhAAij3wiOYu+RekctT56ielPiP28IhWfMqtAbPakHzHJTnBofkG2JdP8Zp5 kkWvL2IyJj0dqw4JSe9IqdXCninIGOs53fTVgISDj6befTn0dJQFhog6etJWiKY4 HOuruo1nz87nJS0I6FcLVzdZlxPyXvPL9cTdjeeTRV0N0bUwQZjTRMikfkuxui3i lr1Z4tbQvWEqZ09x5pvrcvTReez4TRJ9xD/FL0LbYMNp+3CoOhuz3dKWO4Q9Q7tz yGWVGgklAw2FfuOtJT0DnjEhke06lvtOi7YDxDYZVgrIo1IqtKwW4HAy5w2APEtY VX7AYxHStsAL2kSEeoxGIZVMdYC02dAkZvLAeWi5RgxwPS73ZTBFH+WvYr9EATFS ktyBN4U6B39onYL0ViR11ro9K6ahlDyuwY4PKLc/Ket7YPanx8QkvittZwx/vW8U CXNAy9+SsblVM5rhPGBICCpzmCn8nE8lc6MfA45Fs7NRSHmoQLTDAJbVbZZ1f9nR nzdP8MDB0HOzzT0bCDMS+yAKCFaKuSuNj/hFR3kedBrvp7IfAQifVKXrYM5aWrRS bD2bdXO9m+0uWimc23ZqtZBGAMb5/0SVNvaTrXZkhKt1qDuhSFRblduzkSZ1y982 oc959XbmVbYfRtEge8lJ73Ao/wFnC3W1oAi47R7R3aKMFGg4n/E= =vSqk -----END PGP SIGNATURE-----