Bug#706674: marked as done (libtiff-tools: CVE-2013-1961: Stack-based buffer overflow with malformed image-length and resolution)

[Debian Bug Tracking System]

Your message dated Mon, 17 Jun 2013 03:51:13 +0000
with message-id <e1uoqtj-0006d2...@franck.debian.org>
and subject line Bug#706674: fixed in tiff 4.0.2-6+nmu1
has caused the Debian Bug report #706674,
regarding libtiff-tools: CVE-2013-1961: Stack-based buffer overflow with 
malformed image-length and resolution
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
706674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706674
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: libtiff-tools
Version: 4.0.2-6
Severity: important
Tags: security

Please see: http://www.openwall.com/lists/oss-security/2013/05/02/4

---
Henri Salo

signature.asc
Description: Digital signature

--- End Message ---

--- Begin Message ---

Source: tiff
Source-Version: 4.0.2-6+nmu1

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 706...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilb...@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Jun 2013 01:27:17 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools 
libtiff-opengl libtiff-doc
Architecture: source all i386
Version: 4.0.2-6+nmu1
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <q...@debian.org>
Changed-By: Michael Gilbert <mgilb...@debian.org>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative 
development fil
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 706674 706675
Changes: 
 tiff (4.0.2-6+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
     (closes: #706675).
   * Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
     (closes: #706674).
Checksums-Sha1: 
 d8bf0a66447165f1142e1f6a3924ed45da79301c 2840 tiff_4.0.2-6+nmu1.dsc
 b1d37089aeae80157e79295ac6bf174c6f28ade7 22755 tiff_4.0.2-6+nmu1.debian.tar.gz
 9789118fdedb7be0b58bce28213fb3c54d3e6449 413172 
libtiff-doc_4.0.2-6+nmu1_all.deb
 cf8aadb5359e96530bd61fb35d048af2b0e199c3 234274 libtiff5_4.0.2-6+nmu1_i386.deb
 9448499cbb9bc1b51bb733d52e33615a99e6feaf 73582 libtiffxx5_4.0.2-6+nmu1_i386.deb
 a1b8c9b9ff4e7a8db1dc6b74d054b54ae6d92ee5 379284 
libtiff5-dev_4.0.2-6+nmu1_i386.deb
 9d5abf2f8d8aaca00063ececfdcfd3b16e38e8e9 299138 
libtiff5-alt-dev_4.0.2-6+nmu1_i386.deb
 842eaff634627bc3f9a2d5aaec54e5b5b2cbeb4a 325120 
libtiff-tools_4.0.2-6+nmu1_i386.deb
 40a0342608ab40944882676ac1c5dda97f5f175f 78740 
libtiff-opengl_4.0.2-6+nmu1_i386.deb
Checksums-Sha256: 
 0b5171008d333d29eca91f42638230cfcb87e0b8e53668a1496d722648fffdee 2840 
tiff_4.0.2-6+nmu1.dsc
 90f6fb0bf82da1ee3376d94a7ed08f1b5b30edccfdbe58b7e278d1b3b05c9305 22755 
tiff_4.0.2-6+nmu1.debian.tar.gz
 1e66159c3ffa365a771492ca30b3e549b2617f6d936fe4cd86fc3386a0369a82 413172 
libtiff-doc_4.0.2-6+nmu1_all.deb
 c9051a6a7a01aaba2ff4c6e749a064b008b08c5c30c0f9757bf89010b1b5d500 234274 
libtiff5_4.0.2-6+nmu1_i386.deb
 9835ba718c9088783eff93da883df1dca825f3edfcc472a4f966d3bec2be6dcf 73582 
libtiffxx5_4.0.2-6+nmu1_i386.deb
 48125d3220379a7855b8382556d0bdd56b6958a639b243da87dc18161cf5b220 379284 
libtiff5-dev_4.0.2-6+nmu1_i386.deb
 98f4fe78a2d4ad64f6d5ce5722696771455746edba3b495628c1e748db687ad0 299138 
libtiff5-alt-dev_4.0.2-6+nmu1_i386.deb
 3bd02af840b197665f886c95c823bbcb148bc2875d8a7c8b681d928c58cb17ff 325120 
libtiff-tools_4.0.2-6+nmu1_i386.deb
 7a2010541e02a0bbd8d4f57d8cba64acc1ae7784c3ea7695a1f24dfc209b8a11 78740 
libtiff-opengl_4.0.2-6+nmu1_i386.deb
Files: 
 cc6954bec49ad62142f78e9ca542ff4f 2840 libs optional tiff_4.0.2-6+nmu1.dsc
 af5e57faa974c77b5e4ab54db64c9549 22755 libs optional 
tiff_4.0.2-6+nmu1.debian.tar.gz
 4c6976d9e392ce3391bcd1fd5a69a16e 413172 doc optional 
libtiff-doc_4.0.2-6+nmu1_all.deb
 2c7a103f87cd312fb9afc209e954338c 234274 libs optional 
libtiff5_4.0.2-6+nmu1_i386.deb
 e1dec047b184db62e743dbec1e47012c 73582 libs optional 
libtiffxx5_4.0.2-6+nmu1_i386.deb
 4e641c0751d7c22a66f72de55b5935e8 379284 libdevel optional 
libtiff5-dev_4.0.2-6+nmu1_i386.deb
 4f9972c64d941198bc12bbe1c6e6da45 299138 libdevel optional 
libtiff5-alt-dev_4.0.2-6+nmu1_i386.deb
 a3e9fbc0354c24ff3276d396f406e7d4 325120 graphics optional 
libtiff-tools_4.0.2-6+nmu1_i386.deb
 b1b9a4f700bd1fd5b2a85e5ec95a7ae8 78740 graphics optional 
libtiff-opengl_4.0.2-6+nmu1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJRvm9rAAoJELjWss0C1vRzc/0f/jQ2dIqukv57mdL/yLO80Hf6
0fSvzxzwvpwwpOp3zEp2EeqMd+ILPNtIn/8UhIb55pSEQlJPGw9V6Z4TF4t8Fean
HiuLn3dzPw7nj3H5nCp3N8QA/vAVD36qcLbyJchNdpHeCulm7c4h/4WSeWQ/Z/AP
Er9+ut9jBuu8n/x9l7Dg8lfz1fC44VvhciWyebKhdJtcmPVPJDoDGkMLA7NX404p
yBAHylwM7tABoiDm++Dp09A0E2ggDdAKNmpTPqbQVzFf7GQ9+LBdOGCCETDWnyp0
19x4uy8myqklskhXQ/vntuEgxllByKDxoMTxhDG4fgcr34PjkJYdLnKAVNHK5iQc
FC9e0ilkxWddshPT7OPXewrfM9xZP1YJNdeLgxa0uNa5rNwlf+nZX5ZY7gDSFtvX
9Qr6anFC+f1mWZfMJ+PxFbefxosnsRfRAQiNmUFJblbHc7aFvAiqsLkUWPivHCEF
kewjE2yyB0003cecGAUV6Nwld5JW6OtkP0SEAyDY5wayMtYPPdA4n90ZQmVe6XNx
3nd3AHhckOY8fktxPzxTNb8Mc+Wy5Oc0ENyLnm3u38HQnDWQKzvAklZv8Gb44CC9
5tTWs3fUrrORb3UCzRphrU5/5thT4fp6NHUBDV//IjR5xQm6q28apg1WWyagEvUn
XnDXX+ZKtYRLfRaHB2zLWSYDbjwOwdwSh9l/TR1Af6JZ5aZTWgkTE/zgLnDtnzWr
rLIHcV9H+v4OiZMXYd2Egj9qFJUgO+rspAYoUSzhG/lvuc1uiR+C71IWLIXRxTnE
WduNtO/WyES4pp3KF6BaYvx4b8H2cObDQE8+o+v8l7iuB9PlF4rWRG6QdWsZ6uCH
iQE2lrCbDizE9yD7mBXTzASG49IDlL47TVD0tKB435wbZkkfkXNIjjDNEd0ulW6X
uoV43lFpbTv2c/ckl6hE+9c4WMpJHRADAtrC1c321zrjc03xtpvzXkxaLZc1gZbx
J+pMEXMVyeg5x1qsd8HJphp8ef05ZVN/epjYhQZ0UlD+I7t7RWUzQieOZKPhIzCJ
prdEczF+YtuV0hkcHdpF5xQ9qw6qp7yQGn1puF7tZEJ80mtZpPUIz3r4fL3Q8igy
EqZrg2mp8/Tjo96WTpQ1wET1DzKvRXOkfl8k4oMApqAzIP4qdFhJULNYBYliKDvT
3zY00QP3wDqRzw677bik3wbpaZ2f77LWRRheE7Yv+osWGamqGQNQYJNI9aQEMk56
2dTA/6K03gXJqIV9iLM2rXwLYZhbZZF1FKtqiS6Nuvzoati6J4h9rMg3WocZx6sZ
c6W2WTvk+cKQ/h4UdhYUiIBJOVP3QSJ3DEzdZCgcunGSslvpOsnG9rvZkiK5+hM=
=8M9v
-----END PGP SIGNATURE-----

--- End Message ---