Debian Bug report logs -
#706675
libtiff-tools: CVE-2013-1960: Heap-based buffer overflow in t2_process_jpeg_strip
Reported by: Henri Salo <henri@nerv.fi>
Date: Fri, 3 May 2013 09:03:02 UTC
Severity: important
Tags: security
Found in versions tiff/4.0.2-6, tiff/3.9.4-5+squeeze8
Fixed in versions tiff/4.0.2-6+nmu1, tiff/3.9.4-5+squeeze9, tiff/4.0.2-6+deb7u1
Done: Michael Gilbert <mgilbert@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#706675; Package libtiff-tools.
(Fri, 03 May 2013 09:03:06 GMT) (full text, mbox, link).
Acknowledgement sent
to Henri Salo <henri@nerv.fi>:
New Bug report received and forwarded. Copy sent to Jay Berkenbilt <qjb@debian.org>.
(Fri, 03 May 2013 09:03:06 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Package: libtiff-tools
Version: 4.0.2-6
Severity: important
Tags: security
Please see: http://www.openwall.com/lists/oss-security/2013/05/02/4
---
Henri Salo
[signature.asc (application/pgp-signature, inline)]
Marked as found in versions tiff/3.9.4-5+squeeze8.
Request was from Henri Salo <henri@nerv.fi>
to control@bugs.debian.org.
(Fri, 03 May 2013 09:09:07 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#706675; Package libtiff-tools.
(Mon, 17 Jun 2013 02:12:07 GMT) (full text, mbox, link).
Acknowledgement sent
to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Jay Berkenbilt <qjb@debian.org>.
(Mon, 17 Jun 2013 02:12:07 GMT) (full text, mbox, link).
Message #12 received at 706675@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi,
I've uploaded an nmu fixing the open security issues. Please see
attached patch.
Best wishes,
Mike
[tiff.patch (application/octet-stream, attachment)]
Reply sent
to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility.
(Mon, 17 Jun 2013 03:54:09 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Mon, 17 Jun 2013 03:54:09 GMT) (full text, mbox, link).
Message #17 received at 706675-close@bugs.debian.org (full text, mbox, reply):
Source: tiff
Source-Version: 4.0.2-6+nmu1
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 706675@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 17 Jun 2013 01:27:17 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all i386
Version: 4.0.2-6+nmu1
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff5 - Tag Image File Format (TIFF) library
libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
libtiff5-dev - Tag Image File Format library (TIFF), development files
libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 706674 706675
Changes:
tiff (4.0.2-6+nmu1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
(closes: #706675).
* Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
(closes: #706674).
Checksums-Sha1:
d8bf0a66447165f1142e1f6a3924ed45da79301c 2840 tiff_4.0.2-6+nmu1.dsc
b1d37089aeae80157e79295ac6bf174c6f28ade7 22755 tiff_4.0.2-6+nmu1.debian.tar.gz
9789118fdedb7be0b58bce28213fb3c54d3e6449 413172 libtiff-doc_4.0.2-6+nmu1_all.deb
cf8aadb5359e96530bd61fb35d048af2b0e199c3 234274 libtiff5_4.0.2-6+nmu1_i386.deb
9448499cbb9bc1b51bb733d52e33615a99e6feaf 73582 libtiffxx5_4.0.2-6+nmu1_i386.deb
a1b8c9b9ff4e7a8db1dc6b74d054b54ae6d92ee5 379284 libtiff5-dev_4.0.2-6+nmu1_i386.deb
9d5abf2f8d8aaca00063ececfdcfd3b16e38e8e9 299138 libtiff5-alt-dev_4.0.2-6+nmu1_i386.deb
842eaff634627bc3f9a2d5aaec54e5b5b2cbeb4a 325120 libtiff-tools_4.0.2-6+nmu1_i386.deb
40a0342608ab40944882676ac1c5dda97f5f175f 78740 libtiff-opengl_4.0.2-6+nmu1_i386.deb
Checksums-Sha256:
0b5171008d333d29eca91f42638230cfcb87e0b8e53668a1496d722648fffdee 2840 tiff_4.0.2-6+nmu1.dsc
90f6fb0bf82da1ee3376d94a7ed08f1b5b30edccfdbe58b7e278d1b3b05c9305 22755 tiff_4.0.2-6+nmu1.debian.tar.gz
1e66159c3ffa365a771492ca30b3e549b2617f6d936fe4cd86fc3386a0369a82 413172 libtiff-doc_4.0.2-6+nmu1_all.deb
c9051a6a7a01aaba2ff4c6e749a064b008b08c5c30c0f9757bf89010b1b5d500 234274 libtiff5_4.0.2-6+nmu1_i386.deb
9835ba718c9088783eff93da883df1dca825f3edfcc472a4f966d3bec2be6dcf 73582 libtiffxx5_4.0.2-6+nmu1_i386.deb
48125d3220379a7855b8382556d0bdd56b6958a639b243da87dc18161cf5b220 379284 libtiff5-dev_4.0.2-6+nmu1_i386.deb
98f4fe78a2d4ad64f6d5ce5722696771455746edba3b495628c1e748db687ad0 299138 libtiff5-alt-dev_4.0.2-6+nmu1_i386.deb
3bd02af840b197665f886c95c823bbcb148bc2875d8a7c8b681d928c58cb17ff 325120 libtiff-tools_4.0.2-6+nmu1_i386.deb
7a2010541e02a0bbd8d4f57d8cba64acc1ae7784c3ea7695a1f24dfc209b8a11 78740 libtiff-opengl_4.0.2-6+nmu1_i386.deb
Files:
cc6954bec49ad62142f78e9ca542ff4f 2840 libs optional tiff_4.0.2-6+nmu1.dsc
af5e57faa974c77b5e4ab54db64c9549 22755 libs optional tiff_4.0.2-6+nmu1.debian.tar.gz
4c6976d9e392ce3391bcd1fd5a69a16e 413172 doc optional libtiff-doc_4.0.2-6+nmu1_all.deb
2c7a103f87cd312fb9afc209e954338c 234274 libs optional libtiff5_4.0.2-6+nmu1_i386.deb
e1dec047b184db62e743dbec1e47012c 73582 libs optional libtiffxx5_4.0.2-6+nmu1_i386.deb
4e641c0751d7c22a66f72de55b5935e8 379284 libdevel optional libtiff5-dev_4.0.2-6+nmu1_i386.deb
4f9972c64d941198bc12bbe1c6e6da45 299138 libdevel optional libtiff5-alt-dev_4.0.2-6+nmu1_i386.deb
a3e9fbc0354c24ff3276d396f406e7d4 325120 graphics optional libtiff-tools_4.0.2-6+nmu1_i386.deb
b1b9a4f700bd1fd5b2a85e5ec95a7ae8 78740 graphics optional libtiff-opengl_4.0.2-6+nmu1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQQcBAEBCAAGBQJRvm9rAAoJELjWss0C1vRzc/0f/jQ2dIqukv57mdL/yLO80Hf6
0fSvzxzwvpwwpOp3zEp2EeqMd+ILPNtIn/8UhIb55pSEQlJPGw9V6Z4TF4t8Fean
HiuLn3dzPw7nj3H5nCp3N8QA/vAVD36qcLbyJchNdpHeCulm7c4h/4WSeWQ/Z/AP
Er9+ut9jBuu8n/x9l7Dg8lfz1fC44VvhciWyebKhdJtcmPVPJDoDGkMLA7NX404p
yBAHylwM7tABoiDm++Dp09A0E2ggDdAKNmpTPqbQVzFf7GQ9+LBdOGCCETDWnyp0
19x4uy8myqklskhXQ/vntuEgxllByKDxoMTxhDG4fgcr34PjkJYdLnKAVNHK5iQc
FC9e0ilkxWddshPT7OPXewrfM9xZP1YJNdeLgxa0uNa5rNwlf+nZX5ZY7gDSFtvX
9Qr6anFC+f1mWZfMJ+PxFbefxosnsRfRAQiNmUFJblbHc7aFvAiqsLkUWPivHCEF
kewjE2yyB0003cecGAUV6Nwld5JW6OtkP0SEAyDY5wayMtYPPdA4n90ZQmVe6XNx
3nd3AHhckOY8fktxPzxTNb8Mc+Wy5Oc0ENyLnm3u38HQnDWQKzvAklZv8Gb44CC9
5tTWs3fUrrORb3UCzRphrU5/5thT4fp6NHUBDV//IjR5xQm6q28apg1WWyagEvUn
XnDXX+ZKtYRLfRaHB2zLWSYDbjwOwdwSh9l/TR1Af6JZ5aZTWgkTE/zgLnDtnzWr
rLIHcV9H+v4OiZMXYd2Egj9qFJUgO+rspAYoUSzhG/lvuc1uiR+C71IWLIXRxTnE
WduNtO/WyES4pp3KF6BaYvx4b8H2cObDQE8+o+v8l7iuB9PlF4rWRG6QdWsZ6uCH
iQE2lrCbDizE9yD7mBXTzASG49IDlL47TVD0tKB435wbZkkfkXNIjjDNEd0ulW6X
uoV43lFpbTv2c/ckl6hE+9c4WMpJHRADAtrC1c321zrjc03xtpvzXkxaLZc1gZbx
J+pMEXMVyeg5x1qsd8HJphp8ef05ZVN/epjYhQZ0UlD+I7t7RWUzQieOZKPhIzCJ
prdEczF+YtuV0hkcHdpF5xQ9qw6qp7yQGn1puF7tZEJ80mtZpPUIz3r4fL3Q8igy
EqZrg2mp8/Tjo96WTpQ1wET1DzKvRXOkfl8k4oMApqAzIP4qdFhJULNYBYliKDvT
3zY00QP3wDqRzw677bik3wbpaZ2f77LWRRheE7Yv+osWGamqGQNQYJNI9aQEMk56
2dTA/6K03gXJqIV9iLM2rXwLYZhbZZF1FKtqiS6Nuvzoati6J4h9rMg3WocZx6sZ
c6W2WTvk+cKQ/h4UdhYUiIBJOVP3QSJ3DEzdZCgcunGSslvpOsnG9rvZkiK5+hM=
=8M9v
-----END PGP SIGNATURE-----
Reply sent
to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility.
(Thu, 20 Jun 2013 22:21:16 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Thu, 20 Jun 2013 22:21:16 GMT) (full text, mbox, link).
Message #22 received at 706675-close@bugs.debian.org (full text, mbox, reply):
Source: tiff
Source-Version: 3.9.4-5+squeeze9
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 706675@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 17 Jun 2013 01:41:22 +0000
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 3.9.4-5+squeeze9
Distribution: oldstable-security
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff4 - Tag Image File Format (TIFF) library
libtiff4-dev - Tag Image File Format library (TIFF), development files
libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 706674 706675
Changes:
tiff (3.9.4-5+squeeze9) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
(closes: #706675).
* Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
(closes: #706674).
Checksums-Sha1:
658a8373603ab65d46c1111d3038defb20c77d24 2568 tiff_3.9.4-5+squeeze9.dsc
a4e32d55afbbcabd0391a9c89995e8e8a19961de 1436968 tiff_3.9.4.orig.tar.gz
efeecd0915a0c0852eb6cb0478fb81f18f7bfc87 32817 tiff_3.9.4-5+squeeze9.debian.tar.gz
f03bcfb8ae90371d568776ca40b4b473635b5fa2 403970 libtiff-doc_3.9.4-5+squeeze9_all.deb
4f80bc75b78f8fc4fd32c77bd4eef28a67fca8ce 195416 libtiff4_3.9.4-5+squeeze9_amd64.deb
e521c8d44c5dc8a979865919e660aa3829bee7d2 59414 libtiffxx0c2_3.9.4-5+squeeze9_amd64.deb
a6efc7377a08e43c3f82bc7d3b7679fa107fa203 323014 libtiff4-dev_3.9.4-5+squeeze9_amd64.deb
0f73570be1565535b1449fbfee70d45e16ce5c93 302376 libtiff-tools_3.9.4-5+squeeze9_amd64.deb
dced618bb9f78165b3be20b5ee03268a5157322f 64746 libtiff-opengl_3.9.4-5+squeeze9_amd64.deb
Checksums-Sha256:
dc7c9a5ffc7a9342c18dad9ff3159e8c12e077f2eae3c33d6188822f159de15f 2568 tiff_3.9.4-5+squeeze9.dsc
67b76d075fb74f7cb32e7e4b217701674755fe6cee0f463b259a753fce691da6 1436968 tiff_3.9.4.orig.tar.gz
05acd02234bb335e832bbed739609e46cd2f6dd0338e4c2e198de37190f06699 32817 tiff_3.9.4-5+squeeze9.debian.tar.gz
009d87ba24962282a7bede2a560d777411a9649e5d2a0f560f0dfc36bde724ff 403970 libtiff-doc_3.9.4-5+squeeze9_all.deb
54d087cf38dfe437b34e3f457ec7ed1b266c54cf1dfd7af024a9f368e7ba51c2 195416 libtiff4_3.9.4-5+squeeze9_amd64.deb
37d941a3cb33d4a2a97ffce97bd2d8fa28f7439e6f33991a051b0f3783209d90 59414 libtiffxx0c2_3.9.4-5+squeeze9_amd64.deb
7f050b1f590e7e28e1fe8c7c777a420b897b689b787c7a0183851c591710faa0 323014 libtiff4-dev_3.9.4-5+squeeze9_amd64.deb
7804aac340cb20e6e0bce87d3c3d02bf1cc689e85bbd80e3716e38cfb0801fed 302376 libtiff-tools_3.9.4-5+squeeze9_amd64.deb
30030ecd4ea72585c3f0958bd48c44a04ffb96705f130ee780b5bf5ec6c7d954 64746 libtiff-opengl_3.9.4-5+squeeze9_amd64.deb
Files:
8bd02077335b7e4897ce5a6b9920b97b 2568 libs optional tiff_3.9.4-5+squeeze9.dsc
2006c1bdd12644dbf02956955175afd6 1436968 libs optional tiff_3.9.4.orig.tar.gz
fa41d61dbf889e40acb0a8d9b67b9faf 32817 libs optional tiff_3.9.4-5+squeeze9.debian.tar.gz
46ffeb1b6fe37d2b0076f7dd1e4c383c 403970 doc optional libtiff-doc_3.9.4-5+squeeze9_all.deb
4dc640fac92983bf70bd0e8ff4d8afbd 195416 libs optional libtiff4_3.9.4-5+squeeze9_amd64.deb
6257b39d5c25a1f60652d7681d36fed0 59414 libs optional libtiffxx0c2_3.9.4-5+squeeze9_amd64.deb
16c6e3edb67da37f99a47c93a234b414 323014 libdevel optional libtiff4-dev_3.9.4-5+squeeze9_amd64.deb
1500f984fc7ebd4332fbe52436b0d8ee 302376 graphics optional libtiff-tools_3.9.4-5+squeeze9_amd64.deb
49d97876047d66f6df753b3914ec6d8a 64746 graphics optional libtiff-opengl_3.9.4-5+squeeze9_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQQcBAEBCAAGBQJRvnCUAAoJELjWss0C1vRzBKUf/RfE4f+SsbRkx3ehTFjAmm0G
wTHQqxmkFe6hJquEGAWhUxamNjKay24d6k+e5NB/9Pw/05VIwmY2lMsqj5RMwK80
kXS2iXb46RH7uS9Wn4OUmjGwCDFd5E7jmRsJ+tLfn6RrLZpKqoWAJeEkq0u/LFaS
wu0HqPs5CYuYskxocAFLqaU5ImAbvI6bCu+U0r0f8aNmoqMCDAV5FGyXyjb3SmjV
zo+n9jBSGIlJGcfEjFCXc5BhWTF0aWoIM9McGGVJ8bZQ+avqtVOcyrXdjldXgzCj
IGzT6YWbtJpAR9zn9A4+8wgYqb1xQqiPg3uvThFJngxG0njVWU0M4E3z/+Sf1rOD
N0w0eSRsZzhytdtqhK9KsYLZ5eHWUuGE7ngCrrLbgKlXabIqT7lw838Q4HNPigBa
XQWP2r0Rs1zj5FVBGOQbCEOVpLW8NV/V+egUeHEr3zckah45tXUSciO0jPEmcgCK
VBJQSp0QXY+Q0eR+BnM8mumXLGhVHqZBUnYumLUThoKoa7xYAXwEtO+FU5IkARTw
LfKFpSmqx0fORgYeKtdDT8qE40X8GDDIOB201RZghClF3UFpSQFSJpXmNHDuGkkr
dEB97/xQVizBj7RDyooytf9ERpQouMFTaNG2m3NVUc5GFdet/4txudrKkb15Ac2O
Nl8YSAyVHE8U5/7NxPfwJ4/P/5wXMIS7lxN+6uokj25DEdqWQijbhPdQ8AsmedYv
JhSUrOHllGP66LdKkI8B7Hm1WwjB4OpZjPaR7jLoQ821QucbjRfyDQ5dMaFA4I7i
L37x/oSjRklGdSF3WPFU+u8vit/9X5DKx7f9yV9ggDqC+2Shso//orY+98i7p/aB
AJCbrdb3xM+Vp5mcgCBqMAJIXXqPn82Zqk62QXVg2e3GQY3oJssJmT0P601Io629
16W23+dicnpjO7Y6HE7O69y+yqhgo1ZH7MAh/lpsBL3ej0y8G/WJZ7i0dWJL2DaA
AcAuU9bIg4Aui5Cs8H+3Sr2C9omikIu2OsTnjhWMF5S/HBEvf7qjPUO7u0tM/bke
/1JYUp9wyjNDpSVmbHQKlOG8b2xVrYUcFkmDE0SmBRdn8PlH+K4HmEOMhfHyQ5sZ
FfssOcZv94C7pZ4vhueLix/VIgVgPd0poCanjNAV6bokhcUhFw65MWw6TYTyenRZ
2NQs3aRXT40ao4pUD9+9PxEkw0N3qgT8zAJOGe9igOsilh+2OdDmUimfIep57uKC
YRb+bsCRyc3NjuRIr7J3OL+6iZpaA4e7egqmkj6VrxWAXGRJHFXJVMOnToN+1g/d
q+ODwZzvDBP7XgI2dpQJDH00wTVwM3aE3uISdHxEV/dikdtSLtBSf/q/IBcteC8=
=JILD
-----END PGP SIGNATURE-----
Information forwarded
to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#706675; Package libtiff-tools.
(Sat, 29 Jun 2013 17:48:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Ian Zimmerman <itz@buug.org>:
Extra info received and forwarded to list. Copy sent to Jay Berkenbilt <qjb@debian.org>.
(Sat, 29 Jun 2013 17:48:04 GMT) (full text, mbox, link).
Message #27 received at 706675@bugs.debian.org (full text, mbox, reply):
Is the tiff3 package in wheezy affected (and its derived binary packages
like libtiff4) ? Should they be fixed?
--
Please *no* private copies of mailing list or newsgroup messages.
gpg public key: 1024D/C6FF61AD
fingerprint: 66DC D68F 5C1B 4D71 2EE5 BD03 8A00 786C C6FF 61AD
Funny pic: http://bit.ly/ZNE2MX
Reply sent
to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility.
(Tue, 23 Jul 2013 21:03:09 GMT) (full text, mbox, link).
Notification sent
to Henri Salo <henri@nerv.fi>:
Bug acknowledged by developer.
(Tue, 23 Jul 2013 21:03:09 GMT) (full text, mbox, link).
Message #32 received at 706675-close@bugs.debian.org (full text, mbox, reply):
Source: tiff
Source-Version: 4.0.2-6+deb7u1
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 706675@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 17 Jun 2013 01:27:17 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.2-6+deb7u1
Distribution: stable-security
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff5 - Tag Image File Format (TIFF) library
libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
libtiff5-dev - Tag Image File Format library (TIFF), development files
libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 706674 706675
Changes:
tiff (4.0.2-6+deb7u1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix cve-2013-1960: heap-based buffer overlow in tiff2pdf
(closes: #706675).
* Fix cve-2013-1961: stack-based buffer overflow in tiff2pdf
(closes: #706674).
Checksums-Sha1:
4d29dfad98b27716bbce4e67c2119c0fb989626d 2848 tiff_4.0.2-6+deb7u1.dsc
d84b7b33a6cfb3d15ca386c8c16b05047f8b5352 2022814 tiff_4.0.2.orig.tar.gz
f192e3c558016011caf9ef8602eb889dc0223703 22686 tiff_4.0.2-6+deb7u1.debian.tar.gz
d7e2ffc416ab2c45e6de40b144a76a97d48b44ea 413228 libtiff-doc_4.0.2-6+deb7u1_all.deb
faf12592570115587cd8515c04a29ee6648494b8 234394 libtiff5_4.0.2-6+deb7u1_amd64.deb
384aea24c9cb5902af363e980c3e8eda55752226 73424 libtiffxx5_4.0.2-6+deb7u1_amd64.deb
d41c6d7f157055a2430087b4ce7efbcbf9c0e7bf 376610 libtiff5-dev_4.0.2-6+deb7u1_amd64.deb
4f84762f5be6ff84a62522d31211cce271b2cc7c 296552 libtiff5-alt-dev_4.0.2-6+deb7u1_amd64.deb
4de3f1f18e9e3eb0d0ccd7a6bf250793173aca29 335824 libtiff-tools_4.0.2-6+deb7u1_amd64.deb
592de6a0b8270efac6915b541bf4c5dda3b47d02 78966 libtiff-opengl_4.0.2-6+deb7u1_amd64.deb
Checksums-Sha256:
5f944ef011bb4285934522168e9671503ce173bb2de1edfd718a193ca93679ce 2848 tiff_4.0.2-6+deb7u1.dsc
aa29f1f5bfe3f443c3eb4dac472ebde15adc8ff0464b83376f35e3b2fef935da 2022814 tiff_4.0.2.orig.tar.gz
6f4be45ef68b5edc157f3f233611bb76cd5de773943b993ec56f1f32a4d216bc 22686 tiff_4.0.2-6+deb7u1.debian.tar.gz
bab53d8f655d39b9f8dc78edbfe3c2e4f3f353a5325370e2397ffd2ab0de75ad 413228 libtiff-doc_4.0.2-6+deb7u1_all.deb
80322fdb880b72f44ddb254455a10befdfcdb57973c1d0d63e7d9812c1392ad2 234394 libtiff5_4.0.2-6+deb7u1_amd64.deb
1bbdb8cbfe4f4655fea4d53b70101d05e9415ee3998ecad519a434b94c86fff6 73424 libtiffxx5_4.0.2-6+deb7u1_amd64.deb
48e500813972ef7741cef689fa61b6d6e5e7cb11698da68cbc71e51cfb86be0b 376610 libtiff5-dev_4.0.2-6+deb7u1_amd64.deb
ed9148e0707306fae2956c71e5c80b657b739de41953c0aec54b503a278c86c0 296552 libtiff5-alt-dev_4.0.2-6+deb7u1_amd64.deb
d7fa359c01ad30f42a3b044cac8ccadc7b598a68a9ae9e16c29b327a779729a7 335824 libtiff-tools_4.0.2-6+deb7u1_amd64.deb
7c0a677bea9e6cc439ee69090ae5131edadebf98cd0c00a112f2a7b079ff83ce 78966 libtiff-opengl_4.0.2-6+deb7u1_amd64.deb
Files:
3ec4f3046789270c0cb1a52efb0bb1b4 2848 libs optional tiff_4.0.2-6+deb7u1.dsc
04a08fa1e07e696e820a0c3f32465a13 2022814 libs optional tiff_4.0.2.orig.tar.gz
f40ec185909fd358065e666162117a77 22686 libs optional tiff_4.0.2-6+deb7u1.debian.tar.gz
c162b64c9ff7b4a541cd8373b6331730 413228 doc optional libtiff-doc_4.0.2-6+deb7u1_all.deb
4bdb741aa420e195582f3700d13eb77a 234394 libs optional libtiff5_4.0.2-6+deb7u1_amd64.deb
9a79be0c6c98fb9c4cc97c3ac8208362 73424 libs optional libtiffxx5_4.0.2-6+deb7u1_amd64.deb
3bb94165a2f6fa954db322885ebcad85 376610 libdevel optional libtiff5-dev_4.0.2-6+deb7u1_amd64.deb
c7934928d8f736303a78910a2695c6ba 296552 libdevel optional libtiff5-alt-dev_4.0.2-6+deb7u1_amd64.deb
e562b655c637699f53c4c5b85db720c8 335824 graphics optional libtiff-tools_4.0.2-6+deb7u1_amd64.deb
7cb559e48cd258fe993609d7ed8173e9 78966 graphics optional libtiff-opengl_4.0.2-6+deb7u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQQcBAEBCAAGBQJRvnBxAAoJELjWss0C1vRzL9If/jJH40qCbVcpf0DhZSm0zRkt
OeyFfnBi3ArjoMscWTSxZAHNTULzXsjhnqAzcCOZiEOn08bsmpndo7rHp2vAME3F
u5iAgs+aOgD4bvzgyO8gz4bBQgaKHqiKS24PZ7v33cko4QQJwzMdxVfLuCzyDgYo
uAgo41Ydk23U9fxns4k39Sgh7G0fDqZh5Gckmh4RnqYizj1a/wXPcj1NHEDqr/2/
mjuWlm7navxcNeVVCEd8HAvjb6WLg8V3cmSRUOPKf0jVWWAsLEFsFXadVuKuRs8k
PS9E76E4z7bAKhniJHLc9sh7QxRlKLzOJ2LYEtM1iQ2BiF6ta6Bt+tOxg3yrvYjt
BY9DMne67UvKzctTcT/B59SLXSqYRYAQcdliXqFsXP1jH1U+Vf0Q/HMvxRU1neDZ
9cbEZtT/MHBKv+/ywJOVqJxjwDh6TlkkIeoIgC3s332IXCPtGAuBZSjw7jzlsFZO
s6ixM0x2reJOeRrnz9UKI6JYf+Adj5Mlkq8Ek6qRSu+kJDcpGm4sbpIdIn2C+6Xg
/KANRwur0HVNj0m4cj+eO+lSUVINRHJ3v+vKLuqrFbgWGKpf/t1+Td2QQaD0TDue
HYWahNiRd0ZueIqbuOe+8eHd2Hl+Fm8T8IigOLyhgq+q3qvXiJVNzapCROg4dr3b
htSSihBgzx+PgI67k4kKWSVrA9H0dg2Dzg/g4LhMcG0jHtTF+GlHfUYcfkOmn4AX
9bI3WvmSyp5pEcytCfeXbTRrcojYOx9TUR8fxjak82X5o0cBtyvq3Iy08fBvUO1+
6yZ2zIMpik1qGXa/wv+H+sUq68C5hu3+vAnApiqKi/dexwVs5nc+erJAgmsXrx1J
hEbGaoZjlligp+AFKRr19IBZuPEX6iy+Pg/Rc2eUmeFwVG8Cr81rmpagLsLFco71
v4dHPTEG6qHI4+PRXskPrGLgHhpN0driMmS0TwSKwTr5IDYTnbxRwDBu5sLKxgtA
kAwLSaFDGoVVW1ST6GqUOwWb11pp/JPI9Yqj6OOuRltyDe4q7KEHnnGtzs72e2Jt
E9rLjGKQX/55VRXeiQwobLmkEMKr2v1Vn3fUqCvnEya8H9dXQUPsOKDSTjM3LQSI
kKnbuCbGNmYQ68YnEvGmQq8vEMQLZDYr2r7CrvfPG052FnYJ87eEY0yC3AvcBZyj
ytyusha2W6E2zgALKh/vgUT8NqkTF9RF6t3pdw9SsObeEePaA6xNNeGUPrSDgjiC
VVSrTwPCzWQxqHBo+u4QeA1bM20cDyeOxakTwF/bN3JJ9d7nMpGLWcYiV8MTJNpI
/e0NsggbyP23NTQTlXUX8+ieIqSdiBq6D434r3Wx72fKEjbrJkyLXcdZ2jxQpSA=
=hgub
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Wed, 21 Aug 2013 07:31:09 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 14:21:13 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon