Your message dated Sun, 01 Sep 2013 21:51:08 +0000
with message-id <[email protected]>
and subject line Bug#719303: fixed in tiff 3.9.4-5+squeeze10
has caused the Debian Bug report #719303,
regarding tiff: CVE-2013-4231 CVE-2013-4232
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
719303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719303
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tiff
Severity: important
Tags: security upstream

Hi,

the following vulnerabilities were published for tiff.

CVE-2013-4231[0]:
Stack-based buffer overflow

CVE-2013-4232[1]:
use after free

These were found by Pedro Ribeiro[2] and are all found in the tools
part.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2013-4231
[1] http://security-tracker.debian.org/tracker/CVE-2013-4232
[2] http://www.asmail.be/msg0055359936.html

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 3.9.4-5+squeeze10

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jay Berkenbilt <[email protected]> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 24 Aug 2013 11:23:03 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 3.9.4-5+squeeze10
Distribution: oldstable-security
Urgency: high
Maintainer: Jay Berkenbilt <[email protected]>
Changed-By: Jay Berkenbilt <[email protected]>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 719303
Changes: 
 tiff (3.9.4-5+squeeze10) oldstable-security; urgency=high
 .
   * Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
     (Closes: #719303)
   * Incorporated fix to CVE-2013-4244.

--- End Message ---
