Your message dated Sun, 01 Sep 2013 21:50:09 +0000
with message-id <[email protected]>
and subject line Bug#719303: fixed in tiff 4.0.2-6+deb7u2
has caused the Debian Bug report #719303,
regarding tiff: CVE-2013-4231 CVE-2013-4232
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
719303: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=719303
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tiff
Severity: important
Tags: security upstream
Hi,
the following vulnerabilities were published for tiff.
CVE-2013-4231[0]:
Stack-based buffer overflow
CVE-2013-4232[1]:
use after free
These were found by Pedro Ribeiro[2] and are all found in the tools
part.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] http://security-tracker.debian.org/tracker/CVE-2013-4231
[1] http://security-tracker.debian.org/tracker/CVE-2013-4232
[2] http://www.asmail.be/msg0055359936.html
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 4.0.2-6+deb7u2
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jay Berkenbilt <[email protected]> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 24 Aug 2013 11:25:11 -0400
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.2-6+deb7u2
Distribution: stable-security
Urgency: high
Maintainer: Jay Berkenbilt <[email protected]>
Changed-By: Jay Berkenbilt <[email protected]>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff5 - Tag Image File Format (TIFF) library
libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative
development fil
libtiff5-dev - Tag Image File Format library (TIFF), development files
libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 719303
Changes:
tiff (4.0.2-6+deb7u2) stable-security; urgency=high
.
* Incorporated fixes to security issues CVE-2013-4231, CVE-2013-4232.
(Closes: #719303)
* Incorporated fix to CVE-2013-4244.
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---