Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted tiff 4.2.0-1+deb11u6 (source) into oldstable-security
Date: Mon, 20 Jan 2025 09:00:57 +0000
Signed by: Adrian Bunk <bunk@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 19 Jan 2025 13:37:43 +0200
Source: tiff
Architecture: source
Version: 4.2.0-1+deb11u6
Distribution: bullseye-security
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Adrian Bunk <bunk@debian.org>
Changes:
 tiff (4.2.0-1+deb11u6) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2023-2908: NULL pointer dereference in tif_dir.c
   * CVE-2023-3316: NULL pointer dereference in TIFFClose
   * CVE-2023-3618: Buffer overflow in tiffcrop
   * CVE-2023-25433: Buffer overflow in tiffcrop
   * CVE-2023-26965: Use after free in tiffcrop
   * CVE-2023-26966: Buffer overflow in uv_encode()
   * CVE-2023-52356: segfault in TIFFReadRGBAStrip/TIFFReadRGBATile
   * CVE-2024-7006: NULL pointer dereference in
     TIFFReadDirectory/TIFFReadCustomDirectory
   * debian/libtiff5.symbols: Add a symbol added in 4.2.0-1+deb11u2
Checksums-Sha1:
 9b69cf2e751a520f7bd8e7b42ba34e839398409c 2461 tiff_4.2.0-1+deb11u6.dsc
 400ff865beb34499633dd1095fe438995e6da707 2809373 tiff_4.2.0.orig.tar.gz
 cf80f83c9995a2ca9d1df2deb883a499037ddc51 228 tiff_4.2.0.orig.tar.gz.asc
 ae19896a44877bde7fd85a0c52215fa544aae232 44916 tiff_4.2.0-1+deb11u6.debian.tar.xz
Checksums-Sha256:
 e8871175e69974b6958e958b4e4aed9b2ffb4ce7616fc1d174fc3ca6f3c95d67 2461 tiff_4.2.0-1+deb11u6.dsc
 eb0484e568ead8fa23b513e9b0041df7e327f4ee2d22db5a533929dfc19633cb 2809373 tiff_4.2.0.orig.tar.gz
 119bb62934603ff4d3cd81c739d11904b28812a860773b9b2268cc96a339b14f 228 tiff_4.2.0.orig.tar.gz.asc
 e8797cd2fa51c858eca826edd8c201e8974d9c5a0fbcf1742ee923459a9cccd3 44916 tiff_4.2.0-1+deb11u6.debian.tar.xz
Files:
 fe23520828b64358afc13cbdd8f4dea8 2461 libs optional tiff_4.2.0-1+deb11u6.dsc
 2bbf6db1ddc4a59c89d6986b368fc063 2809373 libs optional tiff_4.2.0.orig.tar.gz
 65a996e77123a6215470b7b08f6e41b0 228 libs optional tiff_4.2.0.orig.tar.gz.asc
 1309139f37887eab6b7e104a521fb67b 44916 libs optional tiff_4.2.0-1+deb11u6.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmeODKIACgkQiNJCh6LY
mLF4/hAAxwjJ5gkcvtm82WeTM33uRO/sKGUyVGt8vr/v38wWkVqbsx02UKvg5FPR
SVnSZ3w/wuzQcNF9FTMOGFIFJp9IsS4FTRX1rmUwQmmIXZgeF4otyF5BsY5Y8eeD
CLb6pjCvL6QYYYodb0lzUpRv9zs/8srOXE1bm8/Irk1M771I5VyaRNv+RC7pSgeQ
2tPd35lLaEWhYODY0F6MeUtg/0JQAUVGsqvVhbNQzGUpNIs9fLsmgF6UT/x72fy1
Mkshq1GRe9GPBSKth0aWOaBs6ovc9XBVBdXO0yiWV/xbosGCZ7Gq4++fO7Z48ERY
ZZEvXHjqjFqD3hGZXdd6Mwn4oHJzc3hOAmjjo4Rx5ZzuzmPqAjMorjcYv4nQ5Zhi
XTp1bmVCpscmbZ6O7KrPq+yu+aYKHVuweccDeywzMsI9zqnkxnyFJg++3LbCl+ca
VAfnBg1iOCx34qE5RHzGXYmFShAqE+HAEdXtwIBQYh+Ty7DYLxVwWYb//IGBnb5+
w7roEnho2ej4oWpfry6pH2eWVLISqp5Qus0sLwUfvRasY2VaBsOZXr4VoqnASw+F
24rfNyGRVCJSNjU7142mX4D0srm02lH12b3IJUnCi6ndtq3LbdmBwgtMiUUzgaV9
eulY/db9KoH/hnoyvYMJ7Z299FiCfApxamdUGJ9E17/Uj6WUyqc=
=lVXZ
-----END PGP SIGNATURE-----

News for package tiff