-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5108-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 24, 2022                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
CVE ID         : CVE-2022-0561 CVE-2022-0562 CVE-2022-0865 CVE-2022-0891 
                 CVE-2022-0907 CVE-2022-0908 CVE-2022-0909 CVE-2022-0924 
                 CVE-2022-22844

Multiple vulnerabilities have been discovered in the libtiff library
and the included tools, which may result in denial of service if
malformed image files are processed.

For the oldstable distribution (buster), these problems have been fixed
in version 4.1.0+git191117-2~deb10u4.

For the stable distribution (bullseye), these problems have been fixed in
version 4.2.0-1+deb11u1.

We recommend that you upgrade your tiff packages.

For the detailed security status of tiff please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/tiff

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmI8u+UACgkQEMKTtsN8
TjbZ4hAAhq1KgztKD1uBeIbAyyDvF3AwDmL7pUSji/BSuMNMS86aadD3LF8avd1z
xzuT52QkSNOy5PgOa47xP+U0B6iICjj4naf2XqgEumhiBwJuoJCbs9+DO3Vc0dQ4
ZWK+c0sy/BEesdjlv33v+nfDpuijreWFcFz+WytgBRgPa66cSaYKKUJCgpiR2V8Q
N3Nd8AjIkwWnTrsEfalTSx0N5o7e4gYKe9/w/bEHglgbDYPXOPUZdGXaewcNCb8f
29ZQtfmicwM5wtSImGzbGueE7a+uMThIOxgRtBWhk4lsGlMVJN5qnWwoJiPxZhgl
ph2eybWED8XcTBughRCvQt60dFETMaNNQUGxUwl0L+brlw0ncq+JCA760AunP4IY
ZfFmbf5DFuoOOWqWDjzgSHBpPZKeqtcgfGCl2LupH8JFqip4qcGnVZRWwbgWMuN+
VetZXkyO5fswjtGu/08oEHxg+ZTlo+QjhZyHzTUTW/TVIMW6uAcmYufZjwlfezog
uFZe2tlVfy7EKmZWgo5XWXKjwbDvzF2tzYCLEHa945gxrM2jEvahLHO4MQhFQ2aR
D4KygWqpGCt8p8rBq3od7Zg9wrEruVk9ZlKLagkPQ23TMQhVDYjd51JRkIzuvByO
p63HALwBKW5H1451vpdZ0Vc1hiY0nNFi5ZjI10sVXpdrTXC2xyI=
=APsW
-----END PGP SIGNATURE-----