Your message dated Fri, 15 Jul 2005 16:09:00 -0400
with message-id <[EMAIL PROTECTED]>
and subject line fixed in oldstable-security
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 19 May 2005 08:17:40 +0000
>From [EMAIL PROTECTED] Thu May 19 01:17:40 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mail01.pironet-ndh.com (mail02.pironet-ndh.com) [194.64.31.10]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DYgDs-000500-00; Thu, 19 May 2005 01:17:40 -0700
Received: from mail.fbn-dd.de (mail.fbn-dd.de [195.227.105.178])
by mail02.pironet-ndh.com (Postfix) with ESMTP id 752D834258
for <[EMAIL PROTECTED]>; Thu, 19 May 2005 10:17:07 +0200 (CEST)
Received: from sonne.intranet.fbn-dd.de
(192-168-0-1.transfer-000.intranet.fbn-dd.de [192.168.0.1])
by mail.fbn-dd.de (Postfix) with ESMTP id 243A81F950
for <[EMAIL PROTECTED]>; Thu, 19 May 2005 10:17:07 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by sonne.intranet.fbn-dd.de (Postfix) with ESMTP id 11E521E6B9
for <[EMAIL PROTECTED]>; Thu, 19 May 2005 10:17:07 +0200 (CEST)
Received: from sonne.intranet.fbn-dd.de (localhost [127.0.0.1])
by localhost (AvMailGate-2.0.1.16) id 14901-488D7C00;
Thu, 19 May 2005 10:17:06 +0200
Received: from localhost.localdomain (10-28-130-200.intranet-28-130.fbn-dd.de
[10.28.130.200])
by sonne.intranet.fbn-dd.de (Postfix) with ESMTP id E42E51E6B9
for <[EMAIL PROTECTED]>; Thu, 19 May 2005 10:17:06 +0200 (CEST)
Received: by localhost.localdomain (Postfix, from userid 1000)
id 8E90642F; Thu, 19 May 2005 10:17:07 +0200 (CEST)
Date: Thu, 19 May 2005 10:17:07 +0200
From: Martin Pitt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: libtiff4: vulnerable to CAN-2005-1544
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
protocol="application/pgp-signature"; boundary="qDbXVdCdHGoSgWSk"
Content-Disposition: inline
User-Agent: Mutt/1.5.9i
X-AntiVirus: checked by AntiVir MailGate (version: 2.0.1.16; AVE: 6.30.0.12;
VDF: 6.30.0.184; host: sonne)
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--qDbXVdCdHGoSgWSk
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Package: libtiff4
Version: 3.7.2-2
Severity: critical
Tags: security
Hi!
Libtiff is vulnerable to another exploitable segfault, see
http://bugzilla.remotesensing.org/show_bug.cgi?id=3D843
for details.
However, please don't take the patch attached to that bug report, it's
incomplete. Upstream CVS has the complete patch, you can also grab it
=66rom
http://bugs.gentoo.org/attachment.cgi?id=3D58276
For Sid you should probably just package the new upstream version, but
for Sarge the patch is fine (I already ported it to 3.6.1 for Ubuntu's
releases and tested it).
Thanks,
Martin
--=20
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
--qDbXVdCdHGoSgWSk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCjEuDDecnbV4Fd/IRApvUAKDzo3ddG99ogHlVDvfMluSmviXEFgCffvko
iK3dMiMNuQ7Vy5nzAyjV1Lo=
=qyC1
-----END PGP SIGNATURE-----
--qDbXVdCdHGoSgWSk--
---------------------------------------
Received: (at 309739-done) by bugs.debian.org; 15 Jul 2005 20:09:03 +0000
>From [EMAIL PROTECTED] Fri Jul 15 13:09:03 2005
Return-path: <[EMAIL PROTECTED]>
Received: from through.apexcovantage.com [65.166.131.3]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1DtWUZ-00052P-00; Fri, 15 Jul 2005 13:09:03 -0700
Received: from [192.168.0.1] (helo=apex.acv.apexcovantage.com)
by through.apexcovantage.com with esmtp (Exim 4.50)
id 1DtWUW-0004dv-C3
for [EMAIL PROTECTED]; Fri, 15 Jul 2005 16:09:00 -0400
Received: from soup.acv.apexcovantage.com ([192.168.0.5] ident=Debian-exim)
by apex.acv.apexcovantage.com with esmtp (Exim 4.50)
id 1DtWUW-0003Ex-9R
for [EMAIL PROTECTED]; Fri, 15 Jul 2005 16:09:00 -0400
Received: from ejb by soup.acv.apexcovantage.com with local (Exim 4.50)
id 1DtWUW-0000vn-6C
for [EMAIL PROTECTED]; Fri, 15 Jul 2005 16:09:00 -0400
From: Jay Berkenbilt <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: fixed in oldstable-security
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 15 Jul 2005 16:09:00 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Apex-MailScanner: Found to be clean
X-Apex-MailScanner-From: [EMAIL PROTECTED]
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no
version=2.60-bugs.debian.org_2005_01_02
This bug has been fixed in 3.5.5-7, available as an oldstable security
update.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
