Your message dated Wed, 10 Feb 2016 22:18:19 +0000
with message-id <[email protected]>
and subject line Bug#809021: fixed in tiff 4.0.3-12.3+deb8u1
has caused the Debian Bug report #809021,
regarding tiff: CVE-2015-8683: out-of-bounds read in CIE Lab image format
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
809021: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809021
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tiff
Version: 3.9.4-5
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for tiff.
CVE-2015-8683[0]:
out-of-bounds read in CIE Lab image format
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-8683
[1] http://www.openwall.com/lists/oss-security/2015/12/25/2
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 4.0.3-12.3+deb8u1
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 02 Jan 2016 09:18:06 +0100
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.3-12.3+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Ondřej Surý <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5 - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 808968 809021
Changes:
 tiff (4.0.3-12.3+deb8u1) jessie-security; urgency=high
 .
   * Backport upstream fixes for:
     - CVE-2015-8665 an out-of-bound read in TIFFRGBAImage interface
       (closes: #808968),
     - CVE-2015-8683 an out-of-bounds read in CIE Lab image format
       (closes: #809021),
     - CVE-2015-8781 out of bounds write at tif_luv.c:208,
     - CVE-2015-8782 potential out-of-bound writes in decode,
     - CVE-2015-8783 potential out-of-bound reads in case of short input data,
     - CVE-2015-8784 potential out-of-bound write in NeXTDecode().
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---