Back to tiff PTS page

Accepted tiff 4.2.0-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates

To: debian-changes@lists.debian.org
Subject: Accepted tiff 4.2.0-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Sun, 27 Mar 2022 17:17:08 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1nYWVo-000BLC-K1@fasolo.debian.org>
Reply-to: debian-devel@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Mar 2022 15:57:56 +0100
Source: tiff
Architecture: source
Version: 4.2.0-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changes:
 tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high
 .
   [ Thorsten Alteholz <debian@alteholz.de> ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) <gcs@debian.org> ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as an
     argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
Checksums-Sha1:
 dec47816c3a7730a61bf7f54eea8e6c8e6327d1e 2461 tiff_4.2.0-1+deb11u1.dsc
 400ff865beb34499633dd1095fe438995e6da707 2809373 tiff_4.2.0.orig.tar.gz
 cf80f83c9995a2ca9d1df2deb883a499037ddc51 228 tiff_4.2.0.orig.tar.gz.asc
 d26f632646669b8de57dc97d7392ee040cce188a 25188 tiff_4.2.0-1+deb11u1.debian.tar.xz
Checksums-Sha256:
 09c0d66b0f710bab934727529fcc418217588ccd62b7ebcbe1a1057bea6507e4 2461 tiff_4.2.0-1+deb11u1.dsc
 eb0484e568ead8fa23b513e9b0041df7e327f4ee2d22db5a533929dfc19633cb 2809373 tiff_4.2.0.orig.tar.gz
 119bb62934603ff4d3cd81c739d11904b28812a860773b9b2268cc96a339b14f 228 tiff_4.2.0.orig.tar.gz.asc
 a0b8d4a231d97e0dbefde74fe5788d19429c4bcbfd32102a9d09fd6dc39273a0 25188 tiff_4.2.0-1+deb11u1.debian.tar.xz
Files:
 74a1f3f8b9553d400c4c3e41ebeea1b9 2461 libs optional tiff_4.2.0-1+deb11u1.dsc
 2bbf6db1ddc4a59c89d6986b368fc063 2809373 libs optional tiff_4.2.0.orig.tar.gz
 65a996e77123a6215470b7b08f6e41b0 228 libs optional tiff_4.2.0.orig.tar.gz.asc
 5294fce7bfaca0959a7606ce192d1acb 25188 libs optional tiff_4.2.0-1+deb11u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmI7V7kACgkQ3OMQ54ZM
yL8cbA//YbDTeiL5SG9nRjRHEHGRL1hl0BcQR4DQZ6BCsdf3W5Es7asWh030SN05
lNuVm5WLW61kmfpNSJk14TsHL/3zheEX4Fg6DzriVEzSRt4YMEUYvcvZBTB/6WzX
+WyU8cXhFWN/FXCz6WpLzB+Z+Gd1qZmZYifWwMYwb+P0kYyiJs1qC2D71FI80PLa
ZxUQgvqOqY90PjkxokS3n2s4QQtB8wjafK0oUD3OB5lDmPJLsBLObeFiYXTWu+V0
F7wUzFSpvpBxSuc7G2GPS55PGhqhcIRKMFGK1hOyF5D/a+cvzHd1Upjiv6h7judW
mfXTB+n2UbemSML0E9y6WH1df3IcoGpsqKLjfBxiORvVhPRZtGq6oS8zhjMFNob+
sSzFIyVOvtin0QXgFXbUyWCYTEsnYK2BFYskQCseLVGW7jugoVR6JaaIgjsL6AKA
+1IsIAR092N56a2BIeJHFoM1Z2rNXjskYbS8xH+NN5j8qsYgf5ms/5E1+e9Rbl5/
uH8PsJtF7CJRZHPIRmBUkqoeTC0cIZcPOuE+IXoeZdXIIO6bGunqLFtbpUjJJKQP
m45TjHv+J5b/DpawdB3dH1i7vAgglAGgxWH3LM0FoNEzftWPKNkipHg6yQWvCpwE
7j4FTj4StI9rYZFK8pSy2zJszahBY0EjaKNcnHjLALCsmsO0klM=
=LKEA
-----END PGP SIGNATURE-----