Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Binary: libtiff-dev libtiff-opengl libtiff-opengl-dbgsym libtiff-tools libtiff-tools-dbgsym libtiff5 libtiff5-dbgsym libtiff5-dev libtiffxx5 libtiffxx5-dbgsym
Architecture: ppc64el
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01)
Changed-By: Laszlo Boszormenyi (GCS)
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files (transiti
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as
     an argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.