Format: 1.8
Date: Tue, 17 Jan 2023 16:17:33 +0800
Source: tiff
Architecture: source
Version: 4.2.0-1+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Aron Xu <aron@debian.org>
Changes:
 tiff (4.2.0-1+deb11u2) bullseye-security; urgency=high
 .
   [ Laszlo Boszormenyi (GCS) ]
   * Backport security fix for CVE-2022-1354, heap buffer overflow in
     TIFFReadRawDataStriped().
   * Backport security fix for CVE-2022-1355, tiffcp stack buffer overflow in
     "mode" string.
   * Backport security fix for CVE-2022-1622 and CVE-2022-1623, out of bounds
     read in LZWDecode().
   * Backport security fix for CVE-2022-34526, stack overflow in
     _TIFFVGetField().
 .
   [ Aron Xu ]
   * Non-maintainer upload by the Security Team.
   * Backport security fix for CVE-2022-2056, CVE-2022-2057 and CVE-2022-2058,
     divide by zero in computeInputPixelOffsets().
   * Backport security fix for CVE-2022-2867, CVE-2022-2868 and CVE-2022-2869,
     out of bounds read/write caused by uint32_t underflow.
   * Backport security fix for CVE-2022-3570 and CVE-2022-3598, buffer overflow
     in tiffcrop subroutines.
   * Backport security fix for CVE-2022-2519, CVE-2022-2520, CVE-2022-2521,
     CVE-2022-2953, CVE-2022-3597, CVE-2022-3636 and CVE-2022-3627, disable the
     combination of incompatible options to avoid out-of-bounds writes.
   * Backport security fix for CVE-2022-3599, out-of-bounds read in
     writeSingleSection().