Your message dated Tue, 23 Oct 2012 12:47:04 +0000
with message-id <[email protected]>
and subject line Bug#688944: fixed in tiff 3.9.4-5+squeeze6
has caused the Debian Bug report #688944,
regarding tiff: CVE-2012-4447
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
688944: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688944
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: tiff
Severity: grave
Tags: security
Justification: user security hole
Another buffer overflow, please see here for details:
https://bugzilla.redhat.com/show_bug.cgi?id=860198
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 3.9.4-5+squeeze6
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jay Berkenbilt <[email protected]> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 05 Oct 2012 16:54:07 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl
libtiff-doc
Architecture: source all amd64
Version: 3.9.4-5+squeeze6
Distribution: stable-security
Urgency: high
Maintainer: Jay Berkenbilt <[email protected]>
Changed-By: Jay Berkenbilt <[email protected]>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff4 - Tag Image File Format (TIFF) library
libtiff4-dev - Tag Image File Format library (TIFF), development files
libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 688944
Changes:
tiff (3.9.4-5+squeeze6) stable-security; urgency=high
.
* Add fix for CVE-2012-4447, a buffer overrun. (Closes: #688944)
* CVE-2012-2088 was actually included in previous version but not listed
in the change log.
Checksums-Sha1:
40d63cae7fce65cd2dc8d3bc7fe998d04fe17686 1872 tiff_3.9.4-5+squeeze6.dsc
826fd16f944029acf961200a8f39bad6b883e2cd 23461
tiff_3.9.4-5+squeeze6.debian.tar.gz
a28d858df070aa2ba88bf14e32e4834f38dfc972 386210
libtiff-doc_3.9.4-5+squeeze6_all.deb
d0fb357ea0bed3cfe8070c0669e2562f912ae690 195236
libtiff4_3.9.4-5+squeeze6_amd64.deb
9e6819492c905ac67b2f32dee00b067646d0b4e8 59156
libtiffxx0c2_3.9.4-5+squeeze6_amd64.deb
32527cd6eec9c784796d58841c8b42202cdb8556 322238
libtiff4-dev_3.9.4-5+squeeze6_amd64.deb
5ea4c865bea04e25fcaf66fb7ff1ca2d73bed481 302624
libtiff-tools_3.9.4-5+squeeze6_amd64.deb
11b0ce5b09f8ec3874dc43c052c339ee5622c278 64584
libtiff-opengl_3.9.4-5+squeeze6_amd64.deb
Checksums-Sha256:
98bfadeee93b550978a749770da018b5d609d9a28ccb14e3d483a73e33522e0c 1872
tiff_3.9.4-5+squeeze6.dsc
518f411acb06f11e0ced8b35a146f6a5af13e75a08a9b76771e9bec28bb6717c 23461
tiff_3.9.4-5+squeeze6.debian.tar.gz
7b05eb3e00fcc30be34c1d422def0631a25c5e8f770b12715eb2f50c315f66a2 386210
libtiff-doc_3.9.4-5+squeeze6_all.deb
75c55b8bca6be18d4d601ad527e4ab011d1a39cee7a73d721e28da90485b9279 195236
libtiff4_3.9.4-5+squeeze6_amd64.deb
33f66d8c63cbcdbdf24b384609af64faeeb3c181d62cd89afbf8e4e0c90daa26 59156
libtiffxx0c2_3.9.4-5+squeeze6_amd64.deb
5fc7b86a31e0f974d06e0ac8b5b7f0f214c15cdd2f4bdb4ed5322bf1fbd7e4d9 322238
libtiff4-dev_3.9.4-5+squeeze6_amd64.deb
28085274adcd5763038a82bdd3f11255ac6b61c26c80aeddc59359adc77eb49e 302624
libtiff-tools_3.9.4-5+squeeze6_amd64.deb
76fe7f3d38559b4cc4989745193dc3121db5200af2b6fc95a211e7c388c97266 64584
libtiff-opengl_3.9.4-5+squeeze6_amd64.deb
Files:
25abb92033975fd729cf217e25124fe8 1872 libs optional tiff_3.9.4-5+squeeze6.dsc
9a5c313688e6dedd4794e41075601c98 23461 libs optional
tiff_3.9.4-5+squeeze6.debian.tar.gz
76114ec8cd1be06d6ab086dbba683df0 386210 doc optional
libtiff-doc_3.9.4-5+squeeze6_all.deb
0ae16ee48239438fb09bad92f2426303 195236 libs optional
libtiff4_3.9.4-5+squeeze6_amd64.deb
509849af062fbe2e3f71cc9d7c17a49b 59156 libs optional
libtiffxx0c2_3.9.4-5+squeeze6_amd64.deb
8693c0158ca318631f0d0e776589f3ce 322238 libdevel optional
libtiff4-dev_3.9.4-5+squeeze6_amd64.deb
e819e927a359cd0714fd697bc162700e 302624 graphics optional
libtiff-tools_3.9.4-5+squeeze6_amd64.deb
7758668b72e0c9fc5b1d70310b909674 64584 graphics optional
libtiff-opengl_3.9.4-5+squeeze6_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBAgAGBQJQb1WfAAoJEIp10QmYASx+a/gP/iaI7J1jb8o2Kp/jy1YDoaOz
h/CQKHXdTyAsVaE95ybokQspK4OpE8NBkDu65QNN2J8LhlWxwXGg73K0fZtbS5yh
ZoL0tuSH4MS3lS6FbV8oSvwvVJQ8CRwBYNHoHm8gl9ZENYClZJ8DwmAFtUoKS6xz
radlYSE9kHQZVwAOCIlPH3S/0zGwI5ySH0H86YLpVEqZ8CP3149yUqWJG9bfi4Sf
LfwpR8mXF0jEPnFG4Z0SgZjshAbUiMbjvioZesp+KLo8WNOeizozbJ3DBWZmxinj
FrO8N9gUZ3mD9QH3PPgbMUvoROHkLJ2kBqdf2wj71cmD2Jb09BrHcJZwVjVWTSPg
lPUi5g6CGy7BQ1Nmk/DV6Ly/7lj4ODyOb+Nrr+XkrC6znt8QYH00rc39UNw0D6hg
iktCeBKrpvAc89wvCMkQ8uYtxR6VCnDIkO8+lJOn4OB9HoApfItwGiwoa6oX0ey/
cL1i0o7kHDO2uigXmSEPM3k9QzJW7/Psckg7/XhuB30MuHE4gFDZ8WJRiYHMNawd
+iID2LjGv/x7ATy86uI/8C9nI6tKuTcpz1TR84AwkPTnGAS87Yd8UttePYIJGK2a
xJcm1xUD1Umpq5LnedOJs8UvVBrUEzTmzQR+GJz4E3zueq7Pz8eKHToeiWdVuqRX
I+/lttGYPq9ZJUwcfyii
=N6rn
-----END PGP SIGNATURE-----
--- End Message ---
