• Accepted tiff 4.2.0-1+deb11u1 (source) into proposed-updates->stable-ne

    From Debian FTP Masters@21:1/5 to All on Sun Mar 27 19:20:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 13 Mar 2022 15:57:56 +0100
    Source: tiff
    Architecture: source
    Version: 4.2.0-1+deb11u1
    Distribution: bullseye-security
    Urgency: high
    Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
    Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
    Changes:
    tiff (4.2.0-1+deb11u1) bullseye-security; urgency=high
    .
    [ Thorsten Alteholz <debian@alteholz.de> ]
    * CVE-2022-22844
    out-of-bounds read in _TIFFmemcpy in certain situations involving a
    custom tag and 0x0200 as the second word of the DE field.
    * CVE-2022-0562
    Null source pointer passed as an argument to memcpy() function within
    TIFFReadDirectory(). This could result in a Denial of Service via
    crafted TIFF files.
    * CVE-2022-0561
    Null source pointer passed as an argument to memcpy() function within
    TIFFFetchStripThing(). This could result in a Denial of Service via
    crafted TIFF files.
    .
    [ Laszlo Boszormenyi (GCS) <gcs@debian.org> ]
    * Backport security fix for CVE-2022-0865, crash when reading a file with
    multiple IFD in memory-mapped mode and when bit reversal is needed.
    * Backport security fix for CVE-2022-0908, null source pointer passed as an
    argument to memcpy() function within TIFFFetchNormalTag().
    * Backport security fix for CVE-2022-0907, unchecked return value to null
    pointer dereference in tiffcrop.
    * Backport security fix for CVE-2022-0909, divide by zero error in
    tiffcrop.
    * Backport security fix for CVE-2022-0891, heap buffer overflow in
    ExtractImageSection function in tiffcrop.
    * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp.

    -----BEGIN PGP SIGNATURE-----

    -----END PGP SIGNATURE-----
