1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted tiff 4.2.0-1+deb11u2 (source) into proposed-updates

    From Debian FTP Masters@21:1/5 to All on Tue Jan 31 18:50:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    Format: 1.8
    Date: Tue, 17 Jan 2023 16:17:33 +0800
    Source: tiff
    Architecture: source
    Version: 4.2.0-1+deb11u2
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
    Changed-By: Aron Xu <aron@debian.org>
    Changes:
    tiff (4.2.0-1+deb11u2) bullseye-security; urgency=high
    .
    [ Laszlo Boszormenyi (GCS) ]
    * Backport security fix for CVE-2022-1354, heap buffer overflow in
    TIFFReadRawDataStriped() .
    * Backport security fix for CVE-2022-1355, tiffcp stack buffer overflow in
    "mode" string.
    * Backport security fix for CVE-2022-1622 and CVE-2022-1623, out of bounds
    read in LZWDecode() .
    * Backport security fix for CVE-2022-34526, stack overflow in
    _TIFFVGetField() .
    .
    [ Aron Xu ]
    * Non-maintainer upload by the Security Team.
    * Backport security fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058,
    divide by zero in computeInputPixelOffsets().
    * Backport security fix for CVE-2022-2867, CVE-2022-2868 and CVE-2022-2869,
    out of bounds read/write caused by uint32_t underflow.
    * Backport security fix for CVE-2022-3570 and CVE=2022-3598, buffer overflow
    in tiffcrop subroutines.
    * Backport security fix for CVE-2022-2519, CVE-2022-2520, CVE-2022-2521,
    CVE-2022-2953, CVE-2022-3597, CVE-2022-3636 and CVE-2022-3627, disable
    the combination of incompatible options to avoid out-of-bounds writes.
    * Backport security fix for CVE-2022-3599, out-of-bounds read in
    writeSingleSection().
    Checksums-Sha1:
    3bdc9aff160e180c6559a9daaec09f95204703b4 2116 tiff_4.2.0-1+deb11u2.dsc
    f2e4fdca91dc0a08bb436ec3b19d1b7614987022 38116 tiff_4.2.0-1+deb11u2.debian.tar.xz
    aa2760fdf78042256afe6123a72b2a7c1dc721c6 7857 tiff_4.2.0-1+deb11u2_source.buildinfo
    Checksums-Sha256:
    ae32d3e12ad770e1e27781534ee1dfc1a35f9f0cb930ff8e03cc910fb9efaa89 2116 tiff_4.2.0-1+deb11u2.dsc
    bc4e408c242558f4a828d257a5b97e1bc42f7339ef26fa4a17e7a17f2d1d2622 38116 tiff_4.2.0-1+deb11u2.debian.tar.xz
    e91c0348dbd3ba5b40610c4a60457611577fded3be3ca345764692d5436ce60c 7857 tiff_4.2.0-1+deb11u2_source.buildinfo
    Files:
    04c6f3715161b3c27e0e4bf9701d6567 2116 libs optional tiff_4.2.0-1+deb11u2.dsc
    0fd99c3fb86a74ab95ca4d0736ab2c62 38116 libs optional tiff_4.2.0-1+deb11u2.debian.tar.xz
    f85f16bd9dce4973a41e950b4e80eacc 7857 libs optional tiff_4.2.0-1+deb11u2_source.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQEzBAEBCAAdFiEEhhz+aYQl/Bp4OTA7O1LKKgqv2VQFAmPWDvoACgkQO1LKKgqv 2VSOGQf/UnvbM/4IY41Z1aVtd/X+cLVenoLPhQkD3moFH2mK1cved0vQSVG7DQxH aFY3UAI0ZDzB2VPYnE7CHDNP4ZJedm888MclZUqmFDKnWBN4Lkb7KKfUmvVdOivQ llCWFZtCPI9VPzS3K3YgSW4x93ckcxH5TlEok2ATU505CXE/GWnohYutQkoZ6C5a q7O0FwH8TUcFk3vj0a0Le0FH0X+oATuIJ75BOP14E1oO0QQZQ5/vkIFoXz6ACITB b05q2vXhIclJHCOrgEmZk/9vEX5ctYxUjJUfbBwFtMR0xGNjPOBsP+ukpzYowgXu BfmiK6PzAdDMAeiUv1+6PIlcJVTfFQ==
    =hUx/
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)