-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: armhf
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: arm Build Daemon (arm-ubc-04) <buildd_armhf-arm-ubc-04@buildd.debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz <debian@alteholz.de> ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) <gcs@debian.org> ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as an
     argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
Checksums-Sha1:
 748303f0afae3ea7151c8556da98b81ed3a50d12 377044 libtiff-dev_4.1.0+git191117-2~deb10u4_armhf.deb
 01a82a113012f271dad041b723f40cf702888dc8 15344 libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 88950e12cd59f56e906a34caed5db8b59ae7ab0d 121704 libtiff-opengl_4.1.0+git191117-2~deb10u4_armhf.deb
 a785eef6b0d3a6c5bafb85b203daca1a513e43e8 423780 libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 1281a7c0f32f9478daf3cef36789fd684664517a 290072 libtiff-tools_4.1.0+git191117-2~deb10u4_armhf.deb
 57b4967b0da91cea2feacd32e5f45b89a15f5179 475788 libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 551c4b0672b4ffb86d883681482c9d31896dd485 114032 libtiff5-dev_4.1.0+git191117-2~deb10u4_armhf.deb
 2f6d91ec5b389106e2ec709835d4e1a86065d2f2 252784 libtiff5_4.1.0+git191117-2~deb10u4_armhf.deb
 040cc33f1a568a3e6821608bb9c8dc0a463b1065 23804 libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 60bd58c13a85c8a3d94e7ceee41ca173ed72ebe4 117684 libtiffxx5_4.1.0+git191117-2~deb10u4_armhf.deb
 e2b90894c7958d0bd859221f09cb36235f4a753e 11629 tiff_4.1.0+git191117-2~deb10u4_armhf-buildd.buildinfo
Checksums-Sha256:
 4a700042243cd2f46a41196271ee05ba6e06d37d4a2b4b06f807722f06037b6d 377044 libtiff-dev_4.1.0+git191117-2~deb10u4_armhf.deb
 128e407598e2e47cbb71a15196e63fe679b931bbe538c09043ef18f559e3264c 15344 libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 948b2ae57e3b99e46e2fcfba2b8a6e42b8f97fea6b49fe2e74e62dd4f0d02500 121704 libtiff-opengl_4.1.0+git191117-2~deb10u4_armhf.deb
 b97a8e0e7146d97ea0f1404c80f421cbf9fdf195e8e8c6dfd57421d212e7c0dd 423780 libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 6f8deab1c949e56efa66690212f606a117ddb50d94d892a543eca1b5400fdaa8 290072 libtiff-tools_4.1.0+git191117-2~deb10u4_armhf.deb
 36548f9e47f011ed9c792133390c862da52bfc06156008c4e90ed0591618209c 475788 libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 85cfaa092814929da81396819882a77140340ef5b9acf871dd94cbdb615049ba 114032 libtiff5-dev_4.1.0+git191117-2~deb10u4_armhf.deb
 f1de48164523849ae7c4f03e6d91c510a14768acc6512d39bf802d1e650d16df 252784 libtiff5_4.1.0+git191117-2~deb10u4_armhf.deb
 72efec38276c550b8f6928263e7ac31d5c5ac71022a897ff65ba7df6580da26d 23804 libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 2a320d41816ae0a9e0ff7f73cf184b7a9ab4370323248a23d8f14da9c4142a6d 117684 libtiffxx5_4.1.0+git191117-2~deb10u4_armhf.deb
 3d1a19b87b17444bb63515f46d7ceb87a2f808fb71353242d4b46863eb23640b 11629 tiff_4.1.0+git191117-2~deb10u4_armhf-buildd.buildinfo
Files:
 f30ec17fc25e89596a8504783679c681 377044 libdevel optional libtiff-dev_4.1.0+git191117-2~deb10u4_armhf.deb
 70d722e06381d1aa0319d8ab5e179277 15344 debug optional libtiff-opengl-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 3a976b55c964ef761f22c5c86f66864e 121704 graphics optional libtiff-opengl_4.1.0+git191117-2~deb10u4_armhf.deb
 56ecfd63670f8e6f3ce4815f1ec792d8 423780 debug optional libtiff-tools-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 74d7473b759298c2d8bfa672d6f07e44 290072 graphics optional libtiff-tools_4.1.0+git191117-2~deb10u4_armhf.deb
 e67ac786494fa94ae0ea4769522a59cb 475788 debug optional libtiff5-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 597bb9defcda4e30365cf580c66fc7e0 114032 oldlibs optional libtiff5-dev_4.1.0+git191117-2~deb10u4_armhf.deb
 9fc97a4675871475276d6203416be12c 252784 libs optional libtiff5_4.1.0+git191117-2~deb10u4_armhf.deb
 f28d27da24db44cf952807ded651d969 23804 debug optional libtiffxx5-dbgsym_4.1.0+git191117-2~deb10u4_armhf.deb
 509ee4ad7162686b25ade31cb5c666e4 117684 libs optional libtiffxx5_4.1.0+git191117-2~deb10u4_armhf.deb
 77a666b98c72a472563c06a0fae749bb 11629 libs optional tiff_4.1.0+git191117-2~deb10u4_armhf-buildd.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEnkOoRyjJ0+t2tN7OjOf+cynECFcFAmI7XdkACgkQjOf+cynE
CFfwxRAAjRhK/VPrmxqpWybAL9WD/6Y6H3nQ3OdFxzNYN5W1R4077tDwfigFl5UN
TYUhpjuy4eO6T87rJ73BG5ZcbCdtJpa/fBHstalvH5BNOwDRlPIwXXTRh/8wF8v5
1RyosYzTGpg2xBc50z7ioH3gSmORoc7SZJiFRr5QnnhrOBaq0DnJ99foAloOywt5
KpjXLqvn88mr67gUbRtXzf8t+b/kmyyd53B9qOwkauUKloEw6vRw50Ov0dj22RPk
Gzg7McPT24tT7FVnhyVfT9wO1aNBSWCE6Hbnj+Ho7CcOltRV6z0/fsCHlS2xFiv8
q6F6bh68Aip1kOxg3mBZVRD2oCmTzNC7KKY9rHIDeliSe7tSMziSEaen3UVI03JD
SmmJTH/+5DCruNoxf+UaAIeD+YxUypQ2EMmzDvlksD3PAS/JSGo7EELXSYDxDjDP
vd9LvzZ7ZO5gn8i1Jr8xc9kB5He0nRohW74PO3HjCfp2GVGNgiMTolzpDmf3B6US
L+orwEeQbWVah3tqXIgwYsLbOvEqAPBCVv0HhYI72mBWewPGKyvh2jb0r1rsnFh0
H/HaEakt/Zad+tcCeamSZWbiS5Mp68LsMYJNdLtsTbfk3DAN2D2/ovGwr0Nz9Q1Z
S9H9d4TfftRSaQ3TJhafSaPEBGqV/zFJ8A/8UWNr5t+hz+CtJq0=
=1tmJ
-----END PGP SIGNATURE-----