Accepted tiff 4.1.0+git191117-2~deb10u4 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Architecture: source
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changes:
 tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
 .
   [ Thorsten Alteholz <debian@alteholz.de> ]
   * CVE-2022-22844
     out-of-bounds read in _TIFFmemcpy in certain situations involving a
     custom tag and 0x0200 as the second word of the DE field.
   * CVE-2022-0562
     Null source pointer passed as an argument to memcpy() function within
     TIFFReadDirectory(). This could result in a Denial of Service via
     crafted TIFF files.
   * CVE-2022-0561
     Null source pointer passed as an argument to memcpy() function within
     TIFFFetchStripThing(). This could result in a Denial of Service via
     crafted TIFF files.
 .
   [ Laszlo Boszormenyi (GCS) <gcs@debian.org> ]
   * Backport security fix for CVE-2022-0865, crash when reading a file with
     multiple IFD in memory-mapped mode and when bit reversal is needed.
   * Backport security fix for CVE-2022-0908, null source pointer passed as an
     argument to memcpy() function within TIFFFetchNormalTag().
   * Backport security fix for CVE-2022-0907, unchecked return value to null
     pointer dereference in tiffcrop.
   * Backport security fix for CVE-2022-0909, divide by zero error in
     tiffcrop.
   * Backport security fix for CVE-2022-0891, heap buffer overflow in
     ExtractImageSection function in tiffcrop.
   * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
Checksums-Sha1:
 c48aa8726741d0a003ce6b17343a8a0b6b5ef7d1 2274 tiff_4.1.0+git191117-2~deb10u4.dsc
 36515c9ec4ae57350f6a772c0c48632f88f23276 26308 tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz
Checksums-Sha256:
 e8e9e834ccf9602fcf5fc941af272332a82b1208a116a1bd2fb0a83288b3f692 2274 tiff_4.1.0+git191117-2~deb10u4.dsc
 1e145d2207b2b998ca88b8adb0bf1c1ef0ab1d433ff9e623a78ad3066d43850b 26308 tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz
Files:
 e00632dbd8d03e4ef2e2fcc83bebd548 2274 libs optional tiff_4.1.0+git191117-2~deb10u4.dsc
 70173a39fea32941d0fc34cd5e8615df 26308 libs optional tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----