Debian Bug report logs - #862929: CVE-2016-10371
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 18 May 2017 20:42:02 UTC
Severity: important
Tags: security
Found in version tiff/4.0.7-6
Fixed in version tiff/4.0.7-7
Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>: Bug#862929; Package src:tiff. (Thu, 18 May 2017 20:42:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>: New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Thu, 18 May 2017 20:42:05 GMT)
Message #5 received at submit@bugs.debian.org:
Source: tiff
Severity: important
Tags: security
Hi,
please see
http://bugzilla.maptools.org/show_bug.cgi?id=2535
http://bugzilla.maptools.org/show_bug.cgi?id=2612
Patch is here:
https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
Cheers,
Moritz
Marked as found in versions tiff/4.0.7-6. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 18 May 2017 20:51:03 GMT)
Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>: You have taken responsibility. (Sat, 20 May 2017 18:39:08 GMT)
Notification sent to Moritz Muehlenhoff <jmm@debian.org>: Bug acknowledged by developer. (Sat, 20 May 2017 18:39:08 GMT)
Message #12 received at 862929-close@bugs.debian.org:
Source: tiff
Source-Version: 4.0.7-7
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 862929@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 20 May 2017 16:35:43 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.7-7
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff5 - Tag Image File Format (TIFF) library
libtiff5-dev - Tag Image File Format library (TIFF), development files
libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 809066 842043 862929
Changes:
tiff (4.0.7-7) unstable; urgency=high
.
* Backport security fix for CVE-2016-10371 (closes: #862929).
* Backport security fix for CVE-2015-7554 (closes: #809066, #842043).
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
[signature omitted]
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 02 Jul 2017 07:27:00 GMT)
Last modified: Wed Jun 19 13:52:27 2019