-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Mar 2022 15:57:56 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: i386
Version: 4.2.0-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01) <buildd_amd64-x86-grnet-01@buildd.debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high
 .
   [ Thorsten Alteholz <debian@alteholz.de> ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) <gcs@debian.org> ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as an
     argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
Checksums-Sha1:
 7f812c68e40534ce7ce007e0ba215bc9b83f55ff 438352 libtiff-dev_4.2.0-1+deb11u1_i386.deb
 c3a194869381a800198373d8c81d73722b45f312 13992 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_i386.deb
 1832ad1962498eca64bb2fae59ed46aea1996caf 133556 libtiff-opengl_4.2.0-1+deb11u1_i386.deb
 9f012e75144671c03fae76c8dcdb5b85e92be4f9 374128 libtiff-tools-dbgsym_4.2.0-1+deb11u1_i386.deb
 bbe7e899895088e742e7ea90de81e5a450c2a516 326536 libtiff-tools_4.2.0-1+deb11u1_i386.deb
 308f6a630c0fe5b3e600875e3b9d0e483d051ae4 393588 libtiff5-dbgsym_4.2.0-1+deb11u1_i386.deb
 52a198bea788d25ea1e111cffed5877624146fd0 125068 libtiff5-dev_4.2.0-1+deb11u1_i386.deb
 00fafdd01bbc40f8ef96326b4e3f051f134c6856 305080 libtiff5_4.2.0-1+deb11u1_i386.deb
 41ec515b62b9a36937eb0ab5f1b486570047fcff 20856 libtiffxx5-dbgsym_4.2.0-1+deb11u1_i386.deb
 ae4feaf19c4205c25a27ee09ef1e37a4f06457e8 129156 libtiffxx5_4.2.0-1+deb11u1_i386.deb
 7b61180512706fe4bdaf16ee6cb168fe6cc70e2f 10936 tiff_4.2.0-1+deb11u1_i386-buildd.buildinfo
Checksums-Sha256:
 f1b26f1395a5bd30c5a930861f4d9b29aa81f0df1009899348be868768370ed6 438352 libtiff-dev_4.2.0-1+deb11u1_i386.deb
 afa9caf4bc945770cd3b26f09c2de68d1e298143b749f3cc6da0a67fa9215e75 13992 libtiff-opengl-dbgsym_4.2.0-1+deb11u1_i386.deb
 f30b9f101b4a5f2c708b35ba54879ccd2d2de89880506d8097c39438f3dd74ea 133556 libtiff-opengl_4.2.0-1+deb11u1_i386.deb
 e9cb13f9fc0dd29c369cf94425e9cdc9a0f4f78400ad1951c12455b6115f7477 374128 libtiff-tools-dbgsym_4.2.0-1+deb11u1_i386.deb
 23b8bfc2b10d83ad20ea4cef47d13ed34cdf5fb2d414c8604969c85a18252748 326536 libtiff-tools_4.2.0-1+deb11u1_i386.deb
 2c540b6fd0bf8f36ffe11ef3cf85f9fb68ca312e94a0c4796da2e3ad31b7f52b 393588 libtiff5-dbgsym_4.2.0-1+deb11u1_i386.deb
 74c0fb7aecd5ab9d693520f0b089327ec96223b47550de2e026a5b7cb9c0c4c7 125068 libtiff5-dev_4.2.0-1+deb11u1_i386.deb
 a5d7a29fc8deb209adbac55a78680bc68a2ce44cd126bc0ba7587080b3c9046a 305080 libtiff5_4.2.0-1+deb11u1_i386.deb
 76bcc480f2d3c8aedc4d6024448213f49d07f40623f74727b310f831741f8be2 20856 libtiffxx5-dbgsym_4.2.0-1+deb11u1_i386.deb
 5e7803f037ac80def4a45531334be1bbb1ede635681570f9b473065d683a1809 129156 libtiffxx5_4.2.0-1+deb11u1_i386.deb
 beeebfe98323707f1ac64ee44629e06cf23663caa1211cf6551fdefcd180d864 10936 tiff_4.2.0-1+deb11u1_i386-buildd.buildinfo
Files:
 a67a4f0ffb9835801cc261b97a112fb7 438352 libdevel optional libtiff-dev_4.2.0-1+deb11u1_i386.deb
 29e9d633a539a25d2f41a003579c8092 13992 debug optional libtiff-opengl-dbgsym_4.2.0-1+deb11u1_i386.deb
 dbfb37d23231fcd56559926aecbbe2db 133556 graphics optional libtiff-opengl_4.2.0-1+deb11u1_i386.deb
 5506c0d2b6c0f966f91a52722fcb4b5b 374128 debug optional libtiff-tools-dbgsym_4.2.0-1+deb11u1_i386.deb
 50d1845625c1905fc6bc45b98cd512b0 326536 graphics optional libtiff-tools_4.2.0-1+deb11u1_i386.deb
 4c4aa72409f51fe704d13b762fc0e247 393588 debug optional libtiff5-dbgsym_4.2.0-1+deb11u1_i386.deb
 0e3eb18bcc6c230eb065ecf4c8726fed 125068 oldlibs optional libtiff5-dev_4.2.0-1+deb11u1_i386.deb
 14a46830ec832841b1fd1b14a5d3ab19 305080 libs optional libtiff5_4.2.0-1+deb11u1_i386.deb
 8c8ddbcaa6527a8308c7387c0f926bf4 20856 debug optional libtiffxx5-dbgsym_4.2.0-1+deb11u1_i386.deb
 cf5e573a18912ec4a2c72a1717d03854 129156 libs optional libtiffxx5_4.2.0-1+deb11u1_i386.deb
 6d3e7fd4fbe054093fc3eeb280eb9a25 10936 libs optional tiff_4.2.0-1+deb11u1_i386-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEZ+kjGN6s2Ioxmya1SqddLxw5rsoFAmI7XYUACgkQSqddLxw5
rsq+dxAAv6LFHZrhj52fAl+uBTtsaufYDQaztCU+ioO9IHpwusTjAreEgN2LiSWW
8Yfc0r7SPwzPhsjA/3kZdU+WhHMgc0U9ZYvvMSf3DjQr8ur0Ow1nV7KpfHH9kpBd
bsKfwGmiytysH5bTuRZYzAUAVtYwC2go2abu0hkqDwGeksOah9yl2LDbiJH8wP4z
637OjUrX9HbC5egc36I8pDs9HvCr8TdckK1VO5EiVrlZSM7ceY3ij2ktlQ4nJOam
6XpKOjYOpkXLMTn30fGtLfVu8FPcSLyDga/cdOMg1UZjgN7CvKHcnLEOXG02SLZR
Pxj4OGHC12L77cp2zNiqEHfJxnnVa95+lVsS4P474RwiHg/GCK6ROflVK2ZH9U8Y
0Dv8fXeVt40zAO9i9dk8Y1S+s6fmvU08hPYELRC+FYSzVBqs5M6c35y4y3gGlVzf
R8bSqZSnQZWDosE8XK7DW4wDCLEUPRdko0vSU0JMtDJiMD+DIxl4D7/WUiGfTxn3
ne93EIE+aSg0daO7BUTsZyXt99EJ7dULcEboDcGPKWPeJbQMNEUispjpdXUDoBom
OvirWkRdCsy3NCvCVzQEFP2DgDZA5X/EewkXq4x5wQeNvzy7BJDECtv2jHSwUrNE
N++WP7GRtNIRxSRvPZRr/X5gMOhzGhpsmUIDYfQdUUjUc1pSUXo=
=om+u
-----END PGP SIGNATURE-----