Related Vulnerabilities: CVE-2015-7554 CVE-2016-5318 CVE-2014-8128 CVE-2016-10371

Source

Debian Bug report logs - #809066
tiff: CVE-2015-7554

Package: src:tiff; Maintainer for src:tiff is Laszlo Boszormenyi (GCS) <gcs@debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sat, 26 Dec 2015 21:24:02 UTC

Severity: important

Tags: patch, security, upstream

Merged with 842043

Found in versions tiff/3.9.4-5, tiff/4.0.5-1

Fixed in version tiff/4.0.7-7

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugzilla.maptools.org/show_bug.cgi?id=2580

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ondřej Surý <ondrej@debian.org>:
Bug#809066; Package src:tiff. (Sat, 26 Dec 2015 21:24:05 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Ondřej Surý <ondrej@debian.org>. (Sat, 26 Dec 2015 21:24:05 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: tiff
Version: 4.0.5-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tiff.

CVE-2015-7554[0]:
invalid write

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7554
[1] http://www.openwall.com/lists/oss-security/2015/12/26/7

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

Marked as found in versions tiff/3.9.4-5. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 27 Dec 2015 06:06:04 GMT) (full text, mbox, link).

Merged 809066 842043 Request was from Raphaël Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Tue, 25 Oct 2016 14:39:17 GMT) (full text, mbox, link).

Set Bug forwarded-to-address to 'http://bugzilla.maptools.org/show_bug.cgi?id=2564'. Request was from Raphaël Hertzog <hertzog@debian.org> to control@bugs.debian.org. (Tue, 25 Oct 2016 14:51:04 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#809066; Package src:tiff. (Thu, 27 Oct 2016 15:27:05 GMT) (full text, mbox, link).

Acknowledgement sent to Raphael Hertzog <hertzog@debian.org>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 27 Oct 2016 15:27:05 GMT) (full text, mbox, link).

Message #16 received at 809066@bugs.debian.org (full text, mbox, reply):

Control: forwarded -1 http://bugzilla.maptools.org/show_bug.cgi?id=2580
Control: tags -1 + patch

On Sat, 26 Dec 2015, Salvatore Bonaccorso wrote:
> the following vulnerability was published for tiff.
> CVE-2015-7554[0]:

With the merged bug #842043, this bug really tracks multiple issues
all caused by the same underlying problem tracked upstream
in http://bugzilla.maptools.org/show_bug.cgi?id=2580

I have submitted a patch upstream that fixes the issue for me
for both CVE-2015-7554 and CVE-2016-5318 and also the remaining
unfixed issues reported in CVE-2014-8128.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/

Changed Bug forwarded-to-address to 'http://bugzilla.maptools.org/show_bug.cgi?id=2580' from 'http://bugzilla.maptools.org/show_bug.cgi?id=2564'. Request was from Raphael Hertzog <hertzog@debian.org> to 809066-submit@bugs.debian.org. (Thu, 27 Oct 2016 15:27:05 GMT) (full text, mbox, link).

Added tag(s) patch. Request was from Raphael Hertzog <hertzog@debian.org> to 809066-submit@bugs.debian.org. (Thu, 27 Oct 2016 15:27:06 GMT) (full text, mbox, link).

Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#809066; Package src:tiff. (Thu, 18 May 2017 17:39:05 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 18 May 2017 17:39:05 GMT) (full text, mbox, link).

Message #25 received at 809066@bugs.debian.org (full text, mbox, reply):

On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
> Source: tiff
> Version: 4.0.5-1
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for tiff.
> 
> CVE-2015-7554[0]:
> invalid write

I'm attaching the patch used by Red Hat for RHEL. It doesn't
seem to have been sent upstream, but seems sane.

Cheers,
        Moritz

Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#809066; Package src:tiff. (Thu, 18 May 2017 18:15:03 GMT) (full text, mbox, link).

Acknowledgement sent to László Böszörményi (GCS) <gcs@debian.org>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 18 May 2017 18:15:03 GMT) (full text, mbox, link).

Message #30 received at 809066@bugs.debian.org (full text, mbox, reply):

Hi Moritz,

On Thu, May 18, 2017 at 7:36 PM, Moritz Muehlenhoff <jmm@debian.org> wrote:
> On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
>> Source: tiff
>> Version: 4.0.5-1
>> Severity: important
>> Tags: security upstream
>>
>> the following vulnerability was published for tiff.
>>
>> CVE-2015-7554[0]:
>> invalid write
>
> I'm attaching the patch used by Red Hat for RHEL. It doesn't
> seem to have been sent upstream, but seems sane.
 I miss the patch, did you attach it?

Cheers,
Laszlo/GCS

Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#809066; Package src:tiff. (Thu, 18 May 2017 19:12:03 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 18 May 2017 19:12:03 GMT) (full text, mbox, link).

Message #35 received at 809066@bugs.debian.org (full text, mbox, reply):

[Message part 1 (text/plain, inline)]

Hi,

On Thu, May 18, 2017 at 08:12:50PM +0200, László Böszörményi (GCS) wrote:
> Hi Moritz,
> 
> On Thu, May 18, 2017 at 7:36 PM, Moritz Muehlenhoff <jmm@debian.org> wrote:
> > On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
> >> Source: tiff
> >> Version: 4.0.5-1
> >> Severity: important
> >> Tags: security upstream
> >>
> >> the following vulnerability was published for tiff.
> >>
> >> CVE-2015-7554[0]:
> >> invalid write
> >
> > I'm attaching the patch used by Red Hat for RHEL. It doesn't
> > seem to have been sent upstream, but seems sane.
>  I miss the patch, did you attach it?

This one should basically correspond:

https://git.centos.org/raw/rpms!libtiff/1ad9335dc0c1325262c62842eda01476243ec821/SOURCES!libtiff-CVE-2015-7554.patch

Regards,
Salvatore

[libtiff-CVE-2015-7554.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#809066; Package src:tiff. (Thu, 18 May 2017 20:30:09 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 18 May 2017 20:30:09 GMT) (full text, mbox, link).

Message #40 received at 809066@bugs.debian.org (full text, mbox, reply):

On Thu, May 18, 2017 at 09:09:11PM +0200, Salvatore Bonaccorso wrote:
> Hi,
> 
> On Thu, May 18, 2017 at 08:12:50PM +0200, László Böszörményi (GCS) wrote:
> > Hi Moritz,
> > 
> > On Thu, May 18, 2017 at 7:36 PM, Moritz Muehlenhoff <jmm@debian.org> wrote:
> > > On Sat, Dec 26, 2015 at 10:21:52PM +0100, Salvatore Bonaccorso wrote:
> > >> Source: tiff
> > >> Version: 4.0.5-1
> > >> Severity: important
> > >> Tags: security upstream
> > >>
> > >> the following vulnerability was published for tiff.
> > >>
> > >> CVE-2015-7554[0]:
> > >> invalid write
> > >
> > > I'm attaching the patch used by Red Hat for RHEL. It doesn't
> > > seem to have been sent upstream, but seems sane.
> >  I miss the patch, did you attach it?
> 
> This one should basically correspond:

Ack that's the correct patch, sorry.

Cheers,
        Moritz

Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sat, 20 May 2017 18:39:03 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sat, 20 May 2017 18:39:03 GMT) (full text, mbox, link).

Message #45 received at 809066-close@bugs.debian.org (full text, mbox, reply):

Source: tiff
Source-Version: 4.0.7-7

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 809066@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 20 May 2017 16:35:43 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.7-7
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 809066 842043 862929
Changes:
 tiff (4.0.7-7) unstable; urgency=high
 .
   * Backport security fix for CVE-2016-10371 (closes: #862929).
   * Backport security fix for CVE-2015-7554 (closes: #809066, #842043).
Checksums-Sha1:
 0636b19f19daff724743622caccedd67c2cad6c2 2157 tiff_4.0.7-7.dsc
 d71a6ff99b2665d22c6141c855e9749d490f86d4 30436 tiff_4.0.7-7.debian.tar.xz
 7092d9167f4e55be5d4fcc3897814cf2b5b87360 389140 libtiff-doc_4.0.7-7_all.deb
 2755b8195f753867cffdaca673ec788fd13d96f1 14190 libtiff-opengl-dbgsym_4.0.7-7_amd64.deb
 ef834aebdbce75a2c4532e9e457f161e36e3fa68 96862 libtiff-opengl_4.0.7-7_amd64.deb
 83173dd1ac507b8e5d3125519b0677c5e9790ffa 351428 libtiff-tools-dbgsym_4.0.7-7_amd64.deb
 7103715be70a3bea603a6e11f2c9518cd42047dc 277678 libtiff-tools_4.0.7-7_amd64.deb
 92cfd7b5c0fe651cc61eef7b44688938b6eee740 367400 libtiff5-dbgsym_4.0.7-7_amd64.deb
 71eb3764b27153750c1f510f386781dce0a49f78 354144 libtiff5-dev_4.0.7-7_amd64.deb
 019c5aa5f3ebdd7ab50c4cceb6b8c1cc55d8fe23 231688 libtiff5_4.0.7-7_amd64.deb
 759ea78dd96a944e71d65c0634ecae1e6601b42b 21032 libtiffxx5-dbgsym_4.0.7-7_amd64.deb
 d63cf7d7484e3808ca1753c06649b6b2cd8db1a0 92154 libtiffxx5_4.0.7-7_amd64.deb
 d0cc63bc00f99096614aafd7120d60dff78faf44 11095 tiff_4.0.7-7_amd64.buildinfo
Checksums-Sha256:
 bf5ba199187dbaac9bae34c24b6d83226dbb52e59ae087f2365cd3ab1287dcbd 2157 tiff_4.0.7-7.dsc
 bc332bc152941e188c11982baf697d969fb0f6d25739dbbabe97cc5d536d7d92 30436 tiff_4.0.7-7.debian.tar.xz
 be2b77e964906afcbf221ec716c47cd5524c3e27f1e55e15bb9353081375e18a 389140 libtiff-doc_4.0.7-7_all.deb
 edc1115287eeff7729c7e7d47fa6f08206c8e925d5f5e5d197921d1d3e1e361e 14190 libtiff-opengl-dbgsym_4.0.7-7_amd64.deb
 1b22bf56b32d94bc96065266e11a150daa4e56b45d22457a099e32e938998998 96862 libtiff-opengl_4.0.7-7_amd64.deb
 9f177ac43160ccf968bed8900edb97eeb1afeddc3ef362d52a6aec4698df02d1 351428 libtiff-tools-dbgsym_4.0.7-7_amd64.deb
 6e3e6c9541eeab9713909a7bc7f50566698675b941a274d5da5f17d318f6531b 277678 libtiff-tools_4.0.7-7_amd64.deb
 0e283081488fad90549425af511f3ad940a9f991882a11f694f37a27828dc1a2 367400 libtiff5-dbgsym_4.0.7-7_amd64.deb
 9f604a3a8d2adb653923d09ac3face46a243c494324db50d61fb00609deaf2a8 354144 libtiff5-dev_4.0.7-7_amd64.deb
 9d25724274d793b6b4cb03d03b4ab6da0fb4699c4f5d3c8b8e8f2dcafb848d18 231688 libtiff5_4.0.7-7_amd64.deb
 1978dfbe69bb1ddf45d9d1aab7ec3154d931cb2084019477a1820911f8bf261f 21032 libtiffxx5-dbgsym_4.0.7-7_amd64.deb
 61102d815349d131686c6eaa69a57c037391f796e6710d8b2d7a0a237d7de6f6 92154 libtiffxx5_4.0.7-7_amd64.deb
 7e822b23f2395c81d71f30cdeedf6033ef621180f3502d427adb3471496a541d 11095 tiff_4.0.7-7_amd64.buildinfo
Files:
 de81201f985aa4b3a13dfb9fa4e1a521 2157 libs optional tiff_4.0.7-7.dsc
 a354ecb69b02dc0b9da78d05dcb1c319 30436 libs optional tiff_4.0.7-7.debian.tar.xz
 ea6c5ae17eef49831611e7cba9281fdb 389140 doc optional libtiff-doc_4.0.7-7_all.deb
 d704c78e0bcbffbb75faf86fdb203f4e 14190 debug extra libtiff-opengl-dbgsym_4.0.7-7_amd64.deb
 b99078ea0a6233442d03a2570a47218d 96862 graphics optional libtiff-opengl_4.0.7-7_amd64.deb
 438231cad22fa613a5df47b90238e3de 351428 debug extra libtiff-tools-dbgsym_4.0.7-7_amd64.deb
 078daf0e69c3f085b6f26aac60e04361 277678 graphics optional libtiff-tools_4.0.7-7_amd64.deb
 e6e6a48230aafb84cc656bb36072bfd0 367400 debug extra libtiff5-dbgsym_4.0.7-7_amd64.deb
 1a009a5765d301395f7980efe57156d2 354144 libdevel optional libtiff5-dev_4.0.7-7_amd64.deb
 79aaa07ce624e6db03d8135633f674e9 231688 libs optional libtiff5_4.0.7-7_amd64.deb
 10ee76c391bf30145d56c2c4f9ee201d 21032 debug extra libtiffxx5-dbgsym_4.0.7-7_amd64.deb
 1da83b4d7502da018f3ea3e938c12855 92154 libs optional libtiffxx5_4.0.7-7_amd64.deb
 480371fbb8cb13a9452c591c9d213a35 11095 libs optional tiff_4.0.7-7_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlkghpkACgkQ3OMQ54ZM
yL/tgBAAiSwERhkaylCxVcV9FrQmd/PXDvEW62Y3oILFJtZupgQ+E+omPGCriHke
+MxgdsZwAnSHGWznFdJQsNJE3ywgbirXkY3lA9/4231Eg7+9TojjMUoM518PfD2k
RqUv0MLov7W3q+J30xHplC/Z3SR/Wo12gP8XCz/P2soItP84+SJ8ZELm9GeszxVh
fpIoqfbvT2ZNF4zTwdoTk9r/6dLoet7K4Ov70B/Czwfjnt7Qfm7utDiQJAy/CakO
jROCNuqmfGvObYCCKPc1IUdco2ujQ45BTQJ39qEGxtRvWPE1+Pj3fV3QjHhfQmkT
s00hF7oJIg8QXTJgI5VDHyxsfPMiwuFSpImeIcPuYEKIb6Wn+tLRErbNFC2/pZ7M
9h6yMDVOfye4HoKjRiNKYs6d+6rxZ6di1BI28BDpnoJEUjy8YUaSQhKZuUqFJz6Q
MDk0t2HH9WgTgF2SE+lem8g8yCxo7vxcPE0nKxnitWu9JzPtm7DaRdAgcR4Ch7k1
+wIaDbxxfW5Z3iwsUv1WPxK2EuMgCXU8mtKFkPjTOhwEgIqIbeQyS/m5MkgHvezQ
TxILVVunt3iVHYCZrtOxoBvM11IWPFYL+R4irlsvJYwCk35bxB9ypBdkwaJuV1c+
8S42zZX36hIkiHZ+xKTS5B+6LGtMlpVOTIsluzjfaiR6FMLl/9A=
=rwxg
-----END PGP SIGNATURE-----

Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sat, 20 May 2017 18:39:03 GMT) (full text, mbox, link).

Notification sent to Raphael Hertzog <hertzog@debian.org>:
Bug acknowledged by developer. (Sat, 20 May 2017 18:39:04 GMT) (full text, mbox, link).

Message #50 received at 842043-close@bugs.debian.org (full text, mbox, reply):

Source: tiff
Source-Version: 4.0.7-7

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 842043@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 20 May 2017 16:35:43 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.7-7
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 809066 842043 862929
Changes:
 tiff (4.0.7-7) unstable; urgency=high
 .
   * Backport security fix for CVE-2016-10371 (closes: #862929).
   * Backport security fix for CVE-2015-7554 (closes: #809066, #842043).
Checksums-Sha1:
 0636b19f19daff724743622caccedd67c2cad6c2 2157 tiff_4.0.7-7.dsc
 d71a6ff99b2665d22c6141c855e9749d490f86d4 30436 tiff_4.0.7-7.debian.tar.xz
 7092d9167f4e55be5d4fcc3897814cf2b5b87360 389140 libtiff-doc_4.0.7-7_all.deb
 2755b8195f753867cffdaca673ec788fd13d96f1 14190 libtiff-opengl-dbgsym_4.0.7-7_amd64.deb
 ef834aebdbce75a2c4532e9e457f161e36e3fa68 96862 libtiff-opengl_4.0.7-7_amd64.deb
 83173dd1ac507b8e5d3125519b0677c5e9790ffa 351428 libtiff-tools-dbgsym_4.0.7-7_amd64.deb
 7103715be70a3bea603a6e11f2c9518cd42047dc 277678 libtiff-tools_4.0.7-7_amd64.deb
 92cfd7b5c0fe651cc61eef7b44688938b6eee740 367400 libtiff5-dbgsym_4.0.7-7_amd64.deb
 71eb3764b27153750c1f510f386781dce0a49f78 354144 libtiff5-dev_4.0.7-7_amd64.deb
 019c5aa5f3ebdd7ab50c4cceb6b8c1cc55d8fe23 231688 libtiff5_4.0.7-7_amd64.deb
 759ea78dd96a944e71d65c0634ecae1e6601b42b 21032 libtiffxx5-dbgsym_4.0.7-7_amd64.deb
 d63cf7d7484e3808ca1753c06649b6b2cd8db1a0 92154 libtiffxx5_4.0.7-7_amd64.deb
 d0cc63bc00f99096614aafd7120d60dff78faf44 11095 tiff_4.0.7-7_amd64.buildinfo
Checksums-Sha256:
 bf5ba199187dbaac9bae34c24b6d83226dbb52e59ae087f2365cd3ab1287dcbd 2157 tiff_4.0.7-7.dsc
 bc332bc152941e188c11982baf697d969fb0f6d25739dbbabe97cc5d536d7d92 30436 tiff_4.0.7-7.debian.tar.xz
 be2b77e964906afcbf221ec716c47cd5524c3e27f1e55e15bb9353081375e18a 389140 libtiff-doc_4.0.7-7_all.deb
 edc1115287eeff7729c7e7d47fa6f08206c8e925d5f5e5d197921d1d3e1e361e 14190 libtiff-opengl-dbgsym_4.0.7-7_amd64.deb
 1b22bf56b32d94bc96065266e11a150daa4e56b45d22457a099e32e938998998 96862 libtiff-opengl_4.0.7-7_amd64.deb
 9f177ac43160ccf968bed8900edb97eeb1afeddc3ef362d52a6aec4698df02d1 351428 libtiff-tools-dbgsym_4.0.7-7_amd64.deb
 6e3e6c9541eeab9713909a7bc7f50566698675b941a274d5da5f17d318f6531b 277678 libtiff-tools_4.0.7-7_amd64.deb
 0e283081488fad90549425af511f3ad940a9f991882a11f694f37a27828dc1a2 367400 libtiff5-dbgsym_4.0.7-7_amd64.deb
 9f604a3a8d2adb653923d09ac3face46a243c494324db50d61fb00609deaf2a8 354144 libtiff5-dev_4.0.7-7_amd64.deb
 9d25724274d793b6b4cb03d03b4ab6da0fb4699c4f5d3c8b8e8f2dcafb848d18 231688 libtiff5_4.0.7-7_amd64.deb
 1978dfbe69bb1ddf45d9d1aab7ec3154d931cb2084019477a1820911f8bf261f 21032 libtiffxx5-dbgsym_4.0.7-7_amd64.deb
 61102d815349d131686c6eaa69a57c037391f796e6710d8b2d7a0a237d7de6f6 92154 libtiffxx5_4.0.7-7_amd64.deb
 7e822b23f2395c81d71f30cdeedf6033ef621180f3502d427adb3471496a541d 11095 tiff_4.0.7-7_amd64.buildinfo
Files:
 de81201f985aa4b3a13dfb9fa4e1a521 2157 libs optional tiff_4.0.7-7.dsc
 a354ecb69b02dc0b9da78d05dcb1c319 30436 libs optional tiff_4.0.7-7.debian.tar.xz
 ea6c5ae17eef49831611e7cba9281fdb 389140 doc optional libtiff-doc_4.0.7-7_all.deb
 d704c78e0bcbffbb75faf86fdb203f4e 14190 debug extra libtiff-opengl-dbgsym_4.0.7-7_amd64.deb
 b99078ea0a6233442d03a2570a47218d 96862 graphics optional libtiff-opengl_4.0.7-7_amd64.deb
 438231cad22fa613a5df47b90238e3de 351428 debug extra libtiff-tools-dbgsym_4.0.7-7_amd64.deb
 078daf0e69c3f085b6f26aac60e04361 277678 graphics optional libtiff-tools_4.0.7-7_amd64.deb
 e6e6a48230aafb84cc656bb36072bfd0 367400 debug extra libtiff5-dbgsym_4.0.7-7_amd64.deb
 1a009a5765d301395f7980efe57156d2 354144 libdevel optional libtiff5-dev_4.0.7-7_amd64.deb
 79aaa07ce624e6db03d8135633f674e9 231688 libs optional libtiff5_4.0.7-7_amd64.deb
 10ee76c391bf30145d56c2c4f9ee201d 21032 debug extra libtiffxx5-dbgsym_4.0.7-7_amd64.deb
 1da83b4d7502da018f3ea3e938c12855 92154 libs optional libtiffxx5_4.0.7-7_amd64.deb
 480371fbb8cb13a9452c591c9d213a35 11095 libs optional tiff_4.0.7-7_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlkghpkACgkQ3OMQ54ZM
yL/tgBAAiSwERhkaylCxVcV9FrQmd/PXDvEW62Y3oILFJtZupgQ+E+omPGCriHke
+MxgdsZwAnSHGWznFdJQsNJE3ywgbirXkY3lA9/4231Eg7+9TojjMUoM518PfD2k
RqUv0MLov7W3q+J30xHplC/Z3SR/Wo12gP8XCz/P2soItP84+SJ8ZELm9GeszxVh
fpIoqfbvT2ZNF4zTwdoTk9r/6dLoet7K4Ov70B/Czwfjnt7Qfm7utDiQJAy/CakO
jROCNuqmfGvObYCCKPc1IUdco2ujQ45BTQJ39qEGxtRvWPE1+Pj3fV3QjHhfQmkT
s00hF7oJIg8QXTJgI5VDHyxsfPMiwuFSpImeIcPuYEKIb6Wn+tLRErbNFC2/pZ7M
9h6yMDVOfye4HoKjRiNKYs6d+6rxZ6di1BI28BDpnoJEUjy8YUaSQhKZuUqFJz6Q
MDk0t2HH9WgTgF2SE+lem8g8yCxo7vxcPE0nKxnitWu9JzPtm7DaRdAgcR4Ch7k1
+wIaDbxxfW5Z3iwsUv1WPxK2EuMgCXU8mtKFkPjTOhwEgIqIbeQyS/m5MkgHvezQ
TxILVVunt3iVHYCZrtOxoBvM11IWPFYL+R4irlsvJYwCk35bxB9ypBdkwaJuV1c+
8S42zZX36hIkiHZ+xKTS5B+6LGtMlpVOTIsluzjfaiR6FMLl/9A=
=rwxg
-----END PGP SIGNATURE-----

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jul 2017 07:27:19 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:59:53 2019; Machine Name: buxtehude

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

tiff: CVE-2015-7554

Debian Bug report logs - #809066
tiff: CVE-2015-7554

Vulmon Search

About

Products

Connect

tiff: CVE-2015-7554

Debian Bug report logs - #809066 tiff: CVE-2015-7554

Vulmon Search

About

Products

Connect

Debian Bug report logs - #809066
tiff: CVE-2015-7554