-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 13 Mar 2022 16:03:21 +0100
Source: tiff
Architecture: source
Version: 4.1.0+git191117-2~deb10u4
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <
gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <
gcs@debian.org>
Changes:
tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
.
[ Thorsten Alteholz <
debian@alteholz.de> ]
* CVE-2022-22844
out-of-bounds read in _TIFFmemcpy in certain situations involving a
custom tag and 0x0200 as the second word of the DE field.
* CVE-2022-0562
Null source pointer passed as an argument to memcpy() function within
TIFFReadDirectory(). This could result in a Denial of Service via
crafted TIFF files.
* CVE-2022-0561
Null source pointer passed as an argument to memcpy() function within
TIFFFetchStripThing(). This could result in a Denial of Service via
crafted TIFF files.
.
[ Laszlo Boszormenyi (GCS) <
gcs@debian.org> ]
* Backport security fix for CVE-2022-0865, crash when reading a file with
multiple IFD in memory-mapped mode and when bit reversal is needed.
* Backport security fix for CVE-2022-0908, null source pointer passed as an
argument to memcpy() function within TIFFFetchNormalTag().
* Backport security fix for CVE-2022-0907, unchecked return value to null
pointer dereference in tiffcrop.
* Backport security fix for CVE-2022-0909, divide by zero error in
tiffcrop.
* Backport security fix for CVE-2022-0891, heap buffer overflow in
ExtractImageSection function in tiffcrop.
* Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1:
c48aa8726741d0a003ce6b17343a8a0b6b5ef7d1 2274 tiff_4.1.0+git191117-2~deb10u4.dsc
36515c9ec4ae57350f6a772c0c48632f88f23276 26308 tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz
Checksums-Sha256:
e8e9e834ccf9602fcf5fc941af272332a82b1208a116a1bd2fb0a83288b3f692 2274 tiff_4.1.0+git191117-2~deb10u4.dsc
1e145d2207b2b998ca88b8adb0bf1c1ef0ab1d433ff9e623a78ad3066d43850b 26308 tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz
Files:
e00632dbd8d03e4ef2e2fcc83bebd548 2274 libs optional tiff_4.1.0+git191117-2~deb10u4.dsc
70173a39fea32941d0fc34cd5e8615df 26308 libs optional tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmI7V6AACgkQ3OMQ54ZM yL+gbBAAmFri7Y0xqtIQonriWWpvRYJpvML+/vhtfOfQLDQT+kd/lGessvp1fn5y hSJRXlFH3YbXfr6bYispA/8nONNllezqoIv7/8p+bEA0fyYeS/5vfHmYAX62U9k/ CuMw5J7pIxQKcBW2X2/r9uGG24cI1r5ujENkXIftlwKxHIeADpayTOFHpVfJ4aLa HT6caGrUCD/10cZAmntyqv+EnNT0z59rTDsv2CUTxwt6cj5Vdq4ASdLfuIFmbvm5 28eNqNX70z4mZwiy+mhC2c5FgaroIW77/rzLHFZsqFa6nuKE64ob57okUIn1xEEv +pNiRruICZfNSI1WigzG0mklNbxLRryTYUxhnzZtauTHXSXG6mK2lFL/mjuy9WF5 pDr2gxeUUQceaRjOeI8YuT4rdSsTEDd3jCR09UAhRDJKKodtlG9ao7gilAjnmM7W 9s3d14IbA+LPwx0bJAhAHlV8j+e9qvtBVYmUwvdqQPCiT86MWlLbaOKiHMcnSNjB 6sGfRyphx1UvSReWf2z7d5iEc3pZ8W4Jmxnx8TGjBGUTd8ejKS7o6BZBcn5ngOkM u6AD1jdDua49bk/+TqJdHGv1EK1jSpGn/xmEWMmWoQBfNqrvuN0z65O7507xAtYe kla4NkDMxljamBxLAmK0LtGeACDChbq7h6nTlScgALiuSJqyORg=
=Lkif
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)