-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 15:57:56 +0100 Source: tiff Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym Architecture: s390x Version: 4.2.0-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: s390x Build Daemon (zandonai) Changed-By: Laszlo Boszormenyi (GCS) Description: libtiff-dev - Tag Image File Format library (TIFF), development files libtiff-opengl - TIFF manipulation and conversion tools libtiff-tools - TIFF manipulation and conversion tools libtiff5 - Tag Image File Format (TIFF) library libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface Changes: tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high . [ Thorsten Alteholz ] * CVE-2022-22844 out-of-bounds read in _TIFFmemcpy in certain situations involving a custom tag and 0x0200 as the second word of the DE field. * CVE-2022-0562 Null source pointer passed as an argument to memcpy() function within TIFFReadDirectory(). This could result in a Denial of Service via crafted TIFF files. * CVE-2022-0561 Null source pointer passed as an argument to memcpy() function within TIFFFetchStripThing(). This could result in a Denial of Service via crafted TIFF files. . [ Laszlo Boszormenyi (GCS) ] * Backport security fix for CVE-2022-0865, crash when reading a file with multiple IFD in memory-mapped mode and when bit reversal is needed. * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: 10e70249c18df8c17e87d730293ebdd2f6f3fcbe 404856 libtiff-dev_4.2.0-1+deb11u1_s390x.deb f54d109158256e262764578864cdcd83b53c4994 14420 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_s390x.deb cd37cf6b670dbe6221632c670e0d3da6d0c97cec 133084 libtiff-opengl_4.2.0-1+deb11u1_s390x.deb 3bb8739bc9bea333649ea9e791e3c364a618da64 423780 libtiff-tools-dbgsym_4.2.0-1+deb11u1_s390x.deb 60b52c95683f1f062a87576dd481feedd394f3ae 310504 libtiff-tools_4.2.0-1+deb11u1_s390x.deb b2fdcc5e219e1a050e4627181ee89221413cdc74 455648 libtiff5-dbgsym_4.2.0-1+deb11u1_s390x.deb 760c25b087b382774ea9a9716343939fcd8ed2f8 125068 libtiff5-dev_4.2.0-1+deb11u1_s390x.deb f48a4d7c7720865be41bf591cf7ef13ead585883 276764 libtiff5_4.2.0-1+deb11u1_s390x.deb e6e01071a738e570c522e2efc6d84689b098df29 21608 libtiffxx5-dbgsym_4.2.0-1+deb11u1_s390x.deb 463c00b0fbe2db12a86229c121bbe5a4ba89a7f5 128412 libtiffxx5_4.2.0-1+deb11u1_s390x.deb cd88d040e6a1947dba05c94e6909a4a1ecd12016 10868 tiff_4.2.0-1+deb11u1_s390x-buildd.buildinfo Checksums-Sha256: daffa966b15aa3ab46060e8a5ef94945727017b57ab27672cbb16c18d2d2f223 404856 libtiff-dev_4.2.0-1+deb11u1_s390x.deb a74df3f0853e60fbad05afe44765c174336a842f5f287290bd164b9711eb3cfa 14420 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_s390x.deb 58f087716f08c86a763f7c7eafe9d0c32159f26c7ff8661c8739787c382713fd 133084 libtiff-opengl_4.2.0-1+deb11u1_s390x.deb e1b3cf2a93e61cc7b23730c2874ad9887c0fcf9467ccd8d8c54169e40499906b 423780 libtiff-tools-dbgsym_4.2.0-1+deb11u1_s390x.deb de2c9193924b68566b2e44e0d4c4d35d1d46df4c416591a0e634d5ea6a821971 310504 libtiff-tools_4.2.0-1+deb11u1_s390x.deb 0043eb2de91e874e9e50c879ec5567ee05bf0097ed972bb7a6a07a4bef358194 455648 libtiff5-dbgsym_4.2.0-1+deb11u1_s390x.deb 1373477c3e9a1d5dc402d8802a64b22aa530aa9105d5bc7ec57c368e75a9d097 125068 libtiff5-dev_4.2.0-1+deb11u1_s390x.deb c1b4e920bbe73f70692381ccdf892ec4f2593b455d77b1271027ff2a5a6a7697 276764 libtiff5_4.2.0-1+deb11u1_s390x.deb 832903f589fd96a110377b8e174baf95ff4b8e0e6f0eeac17fb5aa2e14dc02da 21608 libtiffxx5-dbgsym_4.2.0-1+deb11u1_s390x.deb 480556320037b5091d7232130ba919dc0550cee2fb066e9ae6824bfaa29cbfa0 128412 libtiffxx5_4.2.0-1+deb11u1_s390x.deb c60b7c166358d8151a16724223f3150f2a10920ead22d03db03e1c38ceab10fc 10868 tiff_4.2.0-1+deb11u1_s390x-buildd.buildinfo Files: 78133e29a55822630ddb090ec02dd3d1 404856 libdevel optional libtiff-dev_4.2.0-1+deb11u1_s390x.deb bf48173545e4356810598ec8c0a4765d 14420 debug optional libtiff-opengl-dbgsym_4.2.0-1+deb11u1_s390x.deb 9af866002ea48b7024c0093ac0cf1d58 133084 graphics optional libtiff-opengl_4.2.0-1+deb11u1_s390x.deb 0fce204f074c821942c77b64810e6626 423780 debug optional libtiff-tools-dbgsym_4.2.0-1+deb11u1_s390x.deb 17cce4af85e500ed0893192ee87c9f76 310504 graphics optional libtiff-tools_4.2.0-1+deb11u1_s390x.deb 990a9e7be2cff9e6b8fdefe4fadc3efc 455648 debug optional libtiff5-dbgsym_4.2.0-1+deb11u1_s390x.deb 098d53f44239e02caf764593bfda8807 125068 oldlibs optional libtiff5-dev_4.2.0-1+deb11u1_s390x.deb e240b9247e86d55754cc558613ecd76e 276764 libs optional libtiff5_4.2.0-1+deb11u1_s390x.deb 7919f8b0eb65810e638f36be19bb36cb 21608 debug optional libtiffxx5-dbgsym_4.2.0-1+deb11u1_s390x.deb 3f0ac72a754bba17fbbf168b757afd4c 128412 libs optional libtiffxx5_4.2.0-1+deb11u1_s390x.deb 33eaa12cc8cae5f049289d87302d2d5a 10868 libs optional tiff_4.2.0-1+deb11u1_s390x-buildd.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEEwflLi3dfm21PN8mA0zNy/MAOYMFAmI7Z3IACgkQA0zNy/MA OYOZUQ//aCh4CeA1rPhXo8EQ971lGD/OqtLERnrYdcYfIsisIQGPiOHgsO1T4px3 apcsLH2/buUK9Mdj1ohlz5o6v9lpC6pDGhGKcAp3OothShjtmf4Rg7X9q3fl5JHV NxdBc78ngQvl8H30goViNps9AjuznZ0j7X+LghMtwOYsm7OKhcUyVFHGAQbqcm0m IHoJQxt3FOnCJwoeaVX5OfxGgeM3sqLKBLnDni9nOwY44qMmD+uzjpeZqFlQzPhH nesPMVq7yyOaQIQ8syYKmi00Zq9MO1+MsAgksaoI9qOqsRtF6+KXKyD7ZBmqXDa8 CxMYhbsBHIO6WV3P2nGx/TZmJONajC91IZE1c5FcSiNX4oHh7qwVb7Nve9my7U0i BkKIr71pVhCZr10nRSnqCp0DmJGcyI9MF62bH8B6c5SeNYRabkhGfZk8EEgSGV02 9t2/RpFj4pNtHeXVOVz/kPD6DFKMvm/BPMvLNuq8VX46MsXXGVRwthx5NnK4m4WZ MhNme5UiI9PqcyRkwXNVSMoTaOPvEqnBKOg8TzJgCN+87ErTZWy4PMx0220qsDH4 44yo10Hl8aBEr1jYJOREK00RWKgxq4PkVHEnbAv1sWz62RhdEsOXLPISe9RC5EFC bbUWIgN3o3Ey7+vJSqPSTGc/LLPOL8xqzriS7RgpmckjbQQhKSw= =q1Aq -----END PGP SIGNATURE-----