Your message dated Thu, 22 Aug 2013 18:03:51 +0000
with message-id <[email protected]>
and subject line Bug#719303: fixed in tiff 4.0.3-2
has caused the Debian Bug report #719303,
regarding tiff: CVE-2013-4231 CVE-2013-4232
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
719303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719303
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tiff
Severity: important
Tags: security upstream
Hi,
the following vulnerabilities were published for tiff.
CVE-2013-4231[0]:
Stack-based buffer overflow
CVE-2013-4232[1]:
use after free
These were found by Pedro Ribeiro[2] and are all found in the tools
part.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4231
[1] http://security-tracker.debian.org/tracker/CVE-2013-4232
[2] http://www.asmail.be/msg0055359936.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 4.0.3-2
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jay Berkenbilt <[email protected]> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 22 Aug 2013 11:52:58 -0400
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-2
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <[email protected]>
Changed-By: Jay Berkenbilt <[email protected]>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff5 - Tag Image File Format (TIFF) library
libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
libtiff5-dev - Tag Image File Format library (TIFF), development files
libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 719303
Changes:
tiff (4.0.3-2) unstable; urgency=high
.
* Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
(Closes: #719303)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---