Your message dated Thu, 20 Jun 2013 22:18:44 +0000
with message-id <[email protected]>
and subject line Bug#706675: fixed in tiff 3.9.4-5+squeeze9
has caused the Debian Bug report #706675,
regarding libtiff-tools: CVE-2013-1960: Heap-based buffer overflow in
t2_process_jpeg_strip
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
706675: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706675
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libtiff-tools
Version: 4.0.2-6
Severity: important
Tags: security
Please see: http://www.openwall.com/lists/oss-security/2013/05/02/4
---
Henri Salo
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 3.9.4-5+squeeze9
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 17 Jun 2013 01:41:22 +0000
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl
libtiff-doc
Architecture: source all amd64
Version: 3.9.4-5+squeeze9
Distribution: oldstable-security
Urgency: high
Maintainer: Jay Berkenbilt <[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff4 - Tag Image File Format (TIFF) library
libtiff4-dev - Tag Image File Format library (TIFF), development files
libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 706674 706675
Changes:
tiff (3.9.4-5+squeeze9) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
(closes: #706675).
* Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
(closes: #706674).
Checksums-Sha1:
658a8373603ab65d46c1111d3038defb20c77d24 2568 tiff_3.9.4-5+squeeze9.dsc
a4e32d55afbbcabd0391a9c89995e8e8a19961de 1436968 tiff_3.9.4.orig.tar.gz
efeecd0915a0c0852eb6cb0478fb81f18f7bfc87 32817
tiff_3.9.4-5+squeeze9.debian.tar.gz
f03bcfb8ae90371d568776ca40b4b473635b5fa2 403970
libtiff-doc_3.9.4-5+squeeze9_all.deb
4f80bc75b78f8fc4fd32c77bd4eef28a67fca8ce 195416
libtiff4_3.9.4-5+squeeze9_amd64.deb
e521c8d44c5dc8a979865919e660aa3829bee7d2 59414
libtiffxx0c2_3.9.4-5+squeeze9_amd64.deb
a6efc7377a08e43c3f82bc7d3b7679fa107fa203 323014
libtiff4-dev_3.9.4-5+squeeze9_amd64.deb
0f73570be1565535b1449fbfee70d45e16ce5c93 302376
libtiff-tools_3.9.4-5+squeeze9_amd64.deb
dced618bb9f78165b3be20b5ee03268a5157322f 64746
libtiff-opengl_3.9.4-5+squeeze9_amd64.deb
Checksums-Sha256:
dc7c9a5ffc7a9342c18dad9ff3159e8c12e077f2eae3c33d6188822f159de15f 2568
tiff_3.9.4-5+squeeze9.dsc
67b76d075fb74f7cb32e7e4b217701674755fe6cee0f463b259a753fce691da6 1436968
tiff_3.9.4.orig.tar.gz
05acd02234bb335e832bbed739609e46cd2f6dd0338e4c2e198de37190f06699 32817
tiff_3.9.4-5+squeeze9.debian.tar.gz
009d87ba24962282a7bede2a560d777411a9649e5d2a0f560f0dfc36bde724ff 403970
libtiff-doc_3.9.4-5+squeeze9_all.deb
54d087cf38dfe437b34e3f457ec7ed1b266c54cf1dfd7af024a9f368e7ba51c2 195416
libtiff4_3.9.4-5+squeeze9_amd64.deb
37d941a3cb33d4a2a97ffce97bd2d8fa28f7439e6f33991a051b0f3783209d90 59414
libtiffxx0c2_3.9.4-5+squeeze9_amd64.deb
7f050b1f590e7e28e1fe8c7c777a420b897b689b787c7a0183851c591710faa0 323014
libtiff4-dev_3.9.4-5+squeeze9_amd64.deb
7804aac340cb20e6e0bce87d3c3d02bf1cc689e85bbd80e3716e38cfb0801fed 302376
libtiff-tools_3.9.4-5+squeeze9_amd64.deb
30030ecd4ea72585c3f0958bd48c44a04ffb96705f130ee780b5bf5ec6c7d954 64746
libtiff-opengl_3.9.4-5+squeeze9_amd64.deb
Files:
8bd02077335b7e4897ce5a6b9920b97b 2568 libs optional tiff_3.9.4-5+squeeze9.dsc
2006c1bdd12644dbf02956955175afd6 1436968 libs optional tiff_3.9.4.orig.tar.gz
fa41d61dbf889e40acb0a8d9b67b9faf 32817 libs optional
tiff_3.9.4-5+squeeze9.debian.tar.gz
46ffeb1b6fe37d2b0076f7dd1e4c383c 403970 doc optional
libtiff-doc_3.9.4-5+squeeze9_all.deb
4dc640fac92983bf70bd0e8ff4d8afbd 195416 libs optional
libtiff4_3.9.4-5+squeeze9_amd64.deb
6257b39d5c25a1f60652d7681d36fed0 59414 libs optional
libtiffxx0c2_3.9.4-5+squeeze9_amd64.deb
16c6e3edb67da37f99a47c93a234b414 323014 libdevel optional
libtiff4-dev_3.9.4-5+squeeze9_amd64.deb
1500f984fc7ebd4332fbe52436b0d8ee 302376 graphics optional
libtiff-tools_3.9.4-5+squeeze9_amd64.deb
49d97876047d66f6df753b3914ec6d8a 64746 graphics optional
libtiff-opengl_3.9.4-5+squeeze9_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQQcBAEBCAAGBQJRvnCUAAoJELjWss0C1vRzBKUf/RfE4f+SsbRkx3ehTFjAmm0G
wTHQqxmkFe6hJquEGAWhUxamNjKay24d6k+e5NB/9Pw/05VIwmY2lMsqj5RMwK80
kXS2iXb46RH7uS9Wn4OUmjGwCDFd5E7jmRsJ+tLfn6RrLZpKqoWAJeEkq0u/LFaS
wu0HqPs5CYuYskxocAFLqaU5ImAbvI6bCu+U0r0f8aNmoqMCDAV5FGyXyjb3SmjV
zo+n9jBSGIlJGcfEjFCXc5BhWTF0aWoIM9McGGVJ8bZQ+avqtVOcyrXdjldXgzCj
IGzT6YWbtJpAR9zn9A4+8wgYqb1xQqiPg3uvThFJngxG0njVWU0M4E3z/+Sf1rOD
N0w0eSRsZzhytdtqhK9KsYLZ5eHWUuGE7ngCrrLbgKlXabIqT7lw838Q4HNPigBa
XQWP2r0Rs1zj5FVBGOQbCEOVpLW8NV/V+egUeHEr3zckah25tXUSciO0jPEmcgCK
VBJQSp0QXY+Q0eR+BnM8mumXLGhVHqZBUnYumLUThoKoa7xYAXwEtO+FU5IkARTw
LfKFpSmqx0fORgYeKtdDT8qE40X8GDDIOB201RZghClF3UFpSQFSJpXmNHDuGkkr
dEB97/xQVizBj7RDyooytf9ERpQouMFTaNG2m3NVUc5GFdet/4txudrKkb15Ac2O
Nl8YSAyVHE8U5/7NxPfwJ4/P/5wXMIS7lxN+6uokj25DEdqWQijbhPdQ8AsmedYv
JhSUrOHllGP66LdKkI8B7Hm1WwjB4OpZjPaR7jLoQ821QucbjRfyDQ5dMaFA4I7i
L37x/oSjRklGdSF3WPFU+u8vit/9X5DKx7f9yV9ggDqC+2Shso//orY+98i7p/aB
AJCbrdb3xM+Vp5mcgCBqMAJIXXqPn82Zqk62QXVg2e3GQY3oJssJmT0P601Io629
16W23+dicnpjO7Y6HE7O69y+yqhgo1ZH7MAh/lpsBL3ej0y8G/WJZ7i0dWJL2DaA
AcAuU9bIg4Aui5Cs8H+3Sr2C9omikIu2OsTnjhWMF5S/HBEvf7qjPUO7u0tM/bke
/1JYUp9wyjNDpSVmbHQKlOG8b2xVrYUcFkmDE0SmBRdn8PlH+K4HmEOMhfHyQ5sZ
FfssOcZv94C7pZ4vhueLix/VIgVgPd0poCanjNAV6bokhcUhFw65MWw6TYTyenRZ
2NQs3aRXT40ao4pUD9+9PxEkw0N3qgT8zAJOGe9igOsilh+2OdDmUimfIep57uKC
YRb+bsCRyc3NjuRIr7J3OL+6iZpaA4e7egqmkj6VrxWAXGRJHFXJVMOnToN+1g/d
q+ODwZzvDBP7XgI2dpQJDH00wTVwM3aE3uISdHxEV/dikdtSLtBSf/q/IBcteC8=
=JILD
-----END PGP SIGNATURE-----
--- End Message ---
