-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 15:57:56 +0100 Source: tiff Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym Architecture: i386 Version: 4.2.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Laszlo Boszormenyi (GCS) Description: libtiff-dev - Tag Image File Format library (TIFF), development files libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: 7f812c68e40534ce7ce007e0ba215bc9b83f55ff 438352 libtiff-dev_4.2.0-1+deb11u1_i386.deb c3a194869381a800198373d8c81d73722b45f312 13992 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_i386.deb 1832ad1962498eca64bb2fae59ed46aea1996caf 133556 libtiff-opengl_4.2.0-1+deb11u1_i386.deb 9f012e75144671c03fae76c8dcdb5b85e92be4f9 374128 libtiff-tools-dbgsym_4.2.0-1+deb11u1_i386.deb bbe7e899895088e742e7ea90de81e5a450c2a516 326536 libtiff-tools_4.2.0-1+deb11u1_i386.deb 308f6a630c0fe5b3e600875e3b9d0e483d051ae4 393588 libtiff5-dbgsym_4.2.0-1+deb11u1_i386.deb 52a198bea788d25ea1e111cffed5877624146fd0 125068 libtiff5-dev_4.2.0-1+deb11u1_i386.deb 00fafdd01bbc40f8ef96326b4e3f051f134c6856 305080 libtiff5_4.2.0-1+deb11u1_i386.deb 41ec515b62b9a36937eb0ab5f1b486570047fcff 20856 libtiffxx5-dbgsym_4.2.0-1+deb11u1_i386.deb ae4feaf19c4205c25a27ee09ef1e37a4f06457e8 129156 libtiffxx5_4.2.0-1+deb11u1_i386.deb 7b61180512706fe4bdaf16ee6cb168fe6cc70e2f 10936 tiff_4.2.0-1+deb11u1_i386-buildd.buildinfo Checksums-Sha256: f1b26f1395a5bd30c5a930861f4d9b29aa81f0df1009899348be868768370ed6 438352 libtiff-dev_4.2.0-1+deb11u1_i386.deb afa9caf4bc945770cd3b26f09c2de68d1e298143b749f3cc6da0a67fa9215e75 13992 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_i386.deb f30b9f101b4a5f2c708b35ba54879ccd2d2de89880506d8097c39438f3dd74ea 133556 libtiff-opengl_4.2.0-1+deb11u1_i386.deb e9cb13f9fc0dd29c369cf94425e9cdc9a0f4f78400ad1951c12455b6115f7477 374128 libtiff-tools-dbgsym_4.2.0-1+deb11u1_i386.deb 23b8bfc2b10d83ad20ea4cef47d13ed34cdf5fb2d414c8604969c85a18252748 326536 libtiff-tools_4.2.0-1+deb11u1_i386.deb 2c540b6fd0bf8f36ffe11ef3cf85f9fb68ca312e94a0c4796da2e3ad31b7f52b 393588 libtiff5-dbgsym_4.2.0-1+deb11u1_i386.deb 74c0fb7aecd5ab9d693520f0b089327ec96223b47550de2e026a5b7cb9c0c4c7 125068 libtiff5-dev_4.2.0-1+deb11u1_i386.deb a5d7a29fc8deb209adbac55a78680bc68a2ce44cd126bc0ba7587080b3c9046a 305080 libtiff5_4.2.0-1+deb11u1_i386.deb 76bcc480f2d3c8aedc4d6024448213f49d07f40623f74727b310f831741f8be2 20856 libtiffxx5-dbgsym_4.2.0-1+deb11u1_i386.deb 5e7803f037ac80def4a45531334be1bbb1ede635681570f9b473065d683a1809 129156 libtiffxx5_4.2.0-1+deb11u1_i386.deb beeebfe98323707f1ac64ee44629e06cf23663caa1211cf6551fdefcd180d864 10936 tiff_4.2.0-1+deb11u1_i386-buildd.buildinfo Files: a67a4f0ffb9835801cc261b97a112fb7 438352 libdevel optional libtiff-dev_4.2.0-1+deb11u1_i386.deb 29e9d633a539a25d2f41a003579c8092 13992 debug optional libtiff-opengl-dbgsym_4.2.0-1+deb11u1_i386.deb dbfb37d23231fcd56559926aecbbe2db 133556 graphics optional libtiff-opengl_4.2.0-1+deb11u1_i386.deb 5506c0d2b6c0f966f91a52722fcb4b5b 374128 debug optional libtiff-tools-dbgsym_4.2.0-1+deb11u1_i386.deb 50d1845625c1905fc6bc45b98cd512b0 326536 graphics optional libtiff-tools_4.2.0-1+deb11u1_i386.deb 4c4aa72409f51fe704d13b762fc0e247 393588 debug optional libtiff5-dbgsym_4.2.0-1+deb11u1_i386.deb 0e3eb18bcc6c230eb065ecf4c8726fed 125068 oldlibs optional libtiff5-dev_4.2.0-1+deb11u1_i386.deb 14a46830ec832841b1fd1b14a5d3ab19 305080 libs optional libtiff5_4.2.0-1+deb11u1_i386.deb 8c8ddbcaa6527a8308c7387c0f926bf4 20856 debug optional libtiffxx5-dbgsym_4.2.0-1+deb11u1_i386.deb cf5e573a18912ec4a2c72a1717d03854 129156 libs optional libtiffxx5_4.2.0-1+deb11u1_i386.deb 6d3e7fd4fbe054093fc3eeb280eb9a25 10936 libs optional tiff_4.2.0-1+deb11u1_i386-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZ+kjGN6s2Ioxmya1SqddLxw5rsoFAmI7XYUACgkQSqddLxw5 rsq+dxAAv6LFHZrhj52fAl+uBTtsaufYDQaztCU+ioO9IHpwusTjAreEgN2LiSWW 8Yfc0r7SPwzPhsjA/3kZdU+WhHMgc0U9ZYvvMSf3DjQr8ur0Ow1nV7KpfHH9kpBd bsKfwGmiytysH5bTuRZYzAUAVtYwC2go2abu0hkqDwGeksOah9yl2LDbiJH8wP4z 637OjUrX9HbC5egc36I8pDs9HvCr8TdckK1VO5EiVrlZSM7ceY3ij2ktlQ4nJOam 6XpKOjYOpkXLMTn30fGtLfVu8FPcSLyDga/cdOMg1UZjgN7CvKHcnLEOXG02SLZR Pxj4OGHC12L77cp2zNiqEHfJxnnVa95+lVsS4P474RwiHg/GCK6ROflVK2ZH9U8Y 0Dv8fXeVt40zAO9i9dk8Y1S+s6fmvU08hPYELRC+FYSzVBqs5M6c35y4y3gGlVzf R8bSqZSnQZWDosE8XK7DW4wDCLEUPRdko0vSU0JMtDJiMD+DIxl4D7/WUiGfTxn3 ne93EIE+aSg0daO7BUTsZyXt99EJ7dULcEboDcGPKWPeJbQMNEUispjpdXUDoBom OvirWkRdCsy3NCvCVzQEFP2DgDZA5X/EewkXq4x5wQeNvzy7BJDECtv2jHSwUrNE N++WP7GRtNIRxSRvPZRr/X5gMOhzGhpsmUIDYfQdUUjUc1pSUXo= =om+u -----END PGP SIGNATURE-----