Accepted tiff 4.1.0+git191117-2~deb10u5 (source) into oldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted tiff 4.1.0+git191117-2~deb10u5 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Fri, 20 Jan 2023 22:10:19 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: tiff_4.1.0+git191117-2~deb10u5_source.changes
- Debian-source: tiff
- Debian-suite: oldstable
- Debian-version: 4.1.0+git191117-2~deb10u5
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=LZjEgEtPIFmY/2A0N3ydPtmvRyObmZYrygMvs8f1zhI=; b=OO5ouJgEYP6zblxCHR3nw81cV1 7lS7v8X1zAY0len5K05QSfDxA4+yVchNbv3smO7mSjNZSs+1a3Gjxn9rugGTNcYoQNHY6oDBs43VW bqxAZIdvxU98d1QFX03i8NSlmB9aYSmSnzl4Epgu4jx/TLDANJowur4EZz385G11YsZWzrMq55SYq 2OjpvvbztLpcZ/eW4Bm3Lo2uHSzsVXbq7kk0kYn22jYZJQ5gB7ClwlxZHXqkLlF7khBwnJArQIVoE y58kFnhZUmQfmnOnxh77wgvmnGbooR6QcfAGoMJWNnxouH2eNBgOePjYFa6ECHGhGONwGaLd+TeMh rlX0DxAQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pIzaV-00FoAW-18@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 17 Jan 2023 20:27:50 +0100
Source: tiff
Architecture: source
Version: 4.1.0+git191117-2~deb10u5
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Closes: 1011160 1014494 1022555 1024737
Changes:
tiff (4.1.0+git191117-2~deb10u5) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2022-1354: A heap buffer overflow flaw was found in Libtiffs'
tiffinfo.c in TIFFReadRawDataStriped() function. This flaw allows an
attacker to pass a crafted TIFF file to the tiffinfo tool, triggering
a heap buffer overflow issue and causing a crash that leads to a
denial of service.
* CVE-2022-1355: A stack buffer overflow flaw was found in Libtiffs'
tiffcp.c in main() function. This flaw allows an attacker to pass a
crafted TIFF file to the tiffcp tool, triggering a stack buffer
overflow issue, possibly corrupting the memory, and causing a crash
that leads to a denial of service. (Closes: #1011160)
* CVE-2022-2056, CVE-2022-2057, CVE-2022-2058: Divide By Zero error in
tiffcrop allows attackers to cause a denial-of-service via a crafted
tiff file. (Closes: #1014494)
* CVE-2022-2867, CVE-2022-2868, CVE-2022-2869: libtiff's tiffcrop
utility has underflow and input validation flaw that can lead to out
of bounds read and write. An attacker who supplies a crafted file to
tiffcrop (likely via tricking a user to run tiffcrop on it with
certain parameters) could cause a crash or in some cases, further
exploitation.
* CVE-2022-3570, CVE-2022-3598: multiple heap buffer overflows in
tiffcrop.c utility in libtiff allows attacker to trigger unsafe or out
of bounds memory access via crafted TIFF image file which could result
into application crash, potential information disclosure or any other
context-dependent impact (Closes: #1022555)
* CVE-2022-3597, CVE-2022-3626, CVE-2022-3627: out-of-bounds write,
allowing attackers to cause a denial-of-service via a crafted tiff
file. (Closes: #1022555)
* CVE-2022-3599: out-of-bounds read in writeSingleSection in
tools/tiffcrop.c, allowing attackers to cause a denial-of-service via
a crafted tiff file. (Closes: #1022555)
* CVE-2022-3970: affects the function TIFFReadRGBATileExt of the file
libtiff/tif_getimage.c. The manipulation leads to integer
overflow. (Closes: #1024737)
* CVE-2022-34526: a stack overflow was discovered in the _TIFFVGetField
function of Tiffsplit. This vulnerability allows attackers to cause a
Denial of Service (DoS) via a crafted TIFF file parsed by the
"tiffsplit" or "tiffcrop" utilities.
Checksums-Sha1:
1f7fdc7aab7c37cb74033d0a44229e036f06f8f3 2274 tiff_4.1.0+git191117-2~deb10u5.dsc
6d855d1ece774c122c950039874ca3993b91b03f 40312 tiff_4.1.0+git191117-2~deb10u5.debian.tar.xz
e656d7f8d56d3f0e0fa3aa894143d32732afbcd3 11686 tiff_4.1.0+git191117-2~deb10u5_amd64.buildinfo
Checksums-Sha256:
7077e5047df9053ccdfd0aefdc959cd5078f86a78b9c8d6bfd226ea66bd52e4e 2274 tiff_4.1.0+git191117-2~deb10u5.dsc
70af094d655a57e45d815388d76547c81af25ddc83805ee026bd7462ae008f67 40312 tiff_4.1.0+git191117-2~deb10u5.debian.tar.xz
47d86d38e39a79d39bfe70fdbf906e058bf6093bbeca56f7102f20c5ad624cd1 11686 tiff_4.1.0+git191117-2~deb10u5_amd64.buildinfo
Files:
fc330400ab8158b4a577fb28ffd1f899 2274 libs optional tiff_4.1.0+git191117-2~deb10u5.dsc
0f71f08c7cc43312edfac309e5755e20 40312 libs optional tiff_4.1.0+git191117-2~deb10u5.debian.tar.xz
0620d4cee98284d700f833dc2f74782f 11686 libs optional tiff_4.1.0+git191117-2~deb10u5_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmPLDYcACgkQDTl9HeUl
XjDRtQ//e7A/9F2AJHjIEJ0eJx1VSGJnR01xDpc1Zds62Oj/xIAyG1/wgIkrKe/o
HyXyF5IZaHPzePLLTI1lMKfk5+O2XI+A45nLH8LZfZiPW80Ljd0+/kXqsdtRf7Zx
E5M9s/ipjGd8vGL3st952pQr8M7F5ewby8/2VLMxB4U6yiqZq1Sev6xkMo4hSHgQ
HgujK/wUnCabyGJ+N/vx2zPKMRzVhMmhgbdXedol8iG3Fjtq0GkFCut5AxIXhxvv
xV33ImiYAckKpQqaz0nIdLVjXldi6EtfcSu8kRyGTZLJ+Yr7saYVCLUvdaSvSFw4
q7ofxQrKqJGmWN/2Y2eEsN8M3AqeoKiZkXLm/lg+6uGmnHnT/u3MLcYY0/2CwRzh
wR/MXB5KkLsIooL2dmwMpWKx1xcXoVt6oUx2DCVouTzmc89nesdFTkaWQ5M2M0/q
ih1V4TdlDKvNYNxFRaMKbkeDg53DWEx5fUT6NeUmF9nHCyIkf7DHkKW6zSeN/u+2
1Zfws7Lk2ZlHQ4RyqCwyivb9QDxV2D7p7n2sO/KvMiQujZMGk//Duhd2nLSF6tA7
Zhgpg5pQBfn+qzVtu7qSJTKKDEOf4O9UYpgotzF/mBIB4QM/NHegA7iINwGNc8WQ
aPqLV5jkCGuN6IczAYxIN1T93g4w5/qYbrS4JFTadD0izDwTSHY=
=vUyK
-----END PGP SIGNATURE-----