• Accepted tiff 4.1.0+git191117-2~deb10u4 (source) into oldstable-propose

    From Debian FTP Masters@21:1/5 to All on Sun Mar 27 19:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 13 Mar 2022 16:03:21 +0100
    Source: tiff
    Architecture: source
    Version: 4.1.0+git191117-2~deb10u4
    Distribution: buster-security
    Urgency: high
    Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
    Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
    Changes:
    tiff (4.1.0+git191117-2~deb10u4) buster-security; urgency=high
    .
    [ Thorsten Alteholz <debian@alteholz.de> ]
    * CVE-2022-22844
    out-of-bounds read in _TIFFmemcpy in certain situations involving a
    custom tag and 0x0200 as the second word of the DE field.
    * CVE-2022-0562
    Null source pointer passed as an argument to memcpy() function within
    TIFFReadDirectory(). This could result in a Denial of Service via
    crafted TIFF files.
    * CVE-2022-0561
    Null source pointer passed as an argument to memcpy() function within
    TIFFFetchStripThing(). This could result in a Denial of Service via
    crafted TIFF files.
    .
    [ Laszlo Boszormenyi (GCS) <gcs@debian.org> ]
    * Backport security fix for CVE-2022-0865, crash when reading a file with
    multiple IFD in memory-mapped mode and when bit reversal is needed.
    * Backport security fix for CVE-2022-0908, null source pointer passed as an
    argument to memcpy() function within TIFFFetchNormalTag().
    * Backport security fix for CVE-2022-0907, unchecked return value to null
    pointer dereference in tiffcrop.
    * Backport security fix for CVE-2022-0909, divide by zero error in
    tiffcrop.
    * Backport security fix for CVE-2022-0891, heap buffer overflow in
    ExtractImageSection function in tiffcrop.
    * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.
    Checksums-Sha1:
    c48aa8726741d0a003ce6b17343a8a0b6b5ef7d1 2274 tiff_4.1.0+git191117-2~deb10u4.dsc
    36515c9ec4ae57350f6a772c0c48632f88f23276 26308 tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz
    Checksums-Sha256:
    e8e9e834ccf9602fcf5fc941af272332a82b1208a116a1bd2fb0a83288b3f692 2274 tiff_4.1.0+git191117-2~deb10u4.dsc
    1e145d2207b2b998ca88b8adb0bf1c1ef0ab1d433ff9e623a78ad3066d43850b 26308 tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz
    Files:
    e00632dbd8d03e4ef2e2fcc83bebd548 2274 libs optional tiff_4.1.0+git191117-2~deb10u4.dsc
    70173a39fea32941d0fc34cd5e8615df 26308 libs optional tiff_4.1.0+git191117-2~deb10u4.debian.tar.xz


    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)