-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 13 Mar 2022 11:00:15 +0100 Source: tiff Architecture: source Version: 4.3.0-6 Distribution: unstable Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changes: tiff (4.3.0-6) unstable; urgency=high . * Backport security fix for CVE-2022-0908, null source pointer passed as an argument to memcpy() function within TIFFFetchNormalTag(). * Backport security fix for CVE-2022-0907, unchecked return value to null pointer dereference in tiffcrop. * Backport security fix for CVE-2022-0909, divide by zero error in tiffcrop. * Backport security fix for CVE-2022-0891, heap buffer overflow in ExtractImageSection function in tiffcrop. * Backport security fix for CVE-2022-0924, heap buffer overflow in tiffcp. Checksums-Sha1: 51d4676759fc90c1e2abf865baa2dfebc903cf74 2417 tiff_4.3.0-6.dsc fa54b88ed0d752d7202f3f7670a826a094091e5f 25112 tiff_4.3.0-6.debian.tar.xz Checksums-Sha256: 85bb9336fa1e880ca17159176dee73a2832aa60e131cce2a65b7ab69d87863b8 2417 tiff_4.3.0-6.dsc 116bb5a0343185ffde46b0b0bde300731c0ebe37b5ae8541992f6556e8e2d408 25112 tiff_4.3.0-6.debian.tar.xz Files: 397e2f25de86e693155183141dbf7547 2417 libs optional tiff_4.3.0-6.dsc cde45f79d7139c458312a7475772c407 25112 libs optional tiff_4.3.0-6.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAmItzZgACgkQ3OMQ54ZM yL9NuA/+MF68E8g2ihuUL4OIKP4l8HtJt0t4F6PJMwUl9/5Uo7y4CqLXylVXeooN DT8dcAyBrrhy8RURJcXPq7nYttdcon8XZ57+XGoYw+GGFTJN+IIP7myZzPCbcfQO qWzV7dR2/dC0y2rgckF/QzSsIjLZuNaRj2nbkH/deMelaow8PG4nne0fZG9Tp3hi RWwDIWAN7wbnP79rGfJw36OUHyXiLDYCJUF9aeqQxvVu8SaDk5V52TCnSbjCbHVq ae2mzAe3aSZ4vFBiVbw/DAigGcPVWuhcHuGJBnB75Mzz3XFn36wh8kdq7HlLvloo P/Jx3y1Auh+NUcEu1NRXaFuUxaGkJWPZAf2LqiIEfj05Ie++i4OvjrV3dqmMojS+ IAYKLOPRkbAmC4S0T6w/EFRDk8SMYnaBVPGQ0DrAcduWKJJajLGRNdED15hOcFnR Po8JW9mjXGApYzUiDQyp6P7h4G9HosXZcfyvaGeNqLTOlBUFHnGjxqtK9biPGbwO v2NYk5xb0rml6C5Q5dURk2RTfXyfsnpqzo1hpdmlqdodU8R47ckHBjM62Elhaqtu FGcbzQxuurq8JS0rhjNLiS6/InrXJZVChyABQZLegaX2GSS+fwPvOev1kVtt9H+n QXmT02jwd94nI6+gGcEOgjq7nUDnX8pJqnCPOcFrz6enhLYdBJM= =TIqI -----END PGP SIGNATURE-----