Debian Bug report logs - #619614
CVE-2011-1167
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Fri, 25 Mar 2011 15:33:02 UTC
Severity: grave
Tags: security
Fixed in version tiff/3.9.4-9
Done: Jay Berkenbilt <qjb@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Jay Berkenbilt <qjb@debian.org>: Bug#619614; Package tiff. (Fri, 25 Mar 2011 15:33:04 GMT)
Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: New Bug report received and forwarded. Copy sent to team@security.debian.org, Jay Berkenbilt <qjb@debian.org>. (Fri, 25 Mar 2011 15:33:04 GMT)
Message #5 received at submit@bugs.debian.org:
Package: tiff
Severity: grave
Tags: security
Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1167
for details.
Cheers,
Moritz
-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs37-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#619614; Package tiff. (Sat, 02 Apr 2011 14:57:06 GMT)
Acknowledgement sent to Jay Berkenbilt <qjb@debian.org>: Extra info received and forwarded to list. (Sat, 02 Apr 2011 14:57:06 GMT)
Message #10 received at 619614@bugs.debian.org:
Moritz Muehlenhoff <muehlenhoff@univention.de> wrote:
> Package: tiff
> Severity: grave
> Tags: security
>
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1167
> for details.
Sorry for the delay...working this issue now, and preparing packages for
oldstable and stable as well.
Reply sent to Jay Berkenbilt <qjb@debian.org>: You have taken responsibility. (Sat, 02 Apr 2011 16:33:07 GMT)
Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>: Bug acknowledged by developer. (Sat, 02 Apr 2011 16:33:07 GMT)
Message #15 received at 619614-close@bugs.debian.org:
Source: tiff
Source-Version: 3.9.4-9
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive:
libtiff-doc_3.9.4-9_all.deb
  to main/t/tiff/libtiff-doc_3.9.4-9_all.deb
libtiff-opengl_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff-opengl_3.9.4-9_amd64.deb
libtiff-tools_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff-tools_3.9.4-9_amd64.deb
libtiff4-dev_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff4-dev_3.9.4-9_amd64.deb
libtiff4_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff4_3.9.4-9_amd64.deb
libtiffxx0c2_3.9.4-9_amd64.deb
  to main/t/tiff/libtiffxx0c2_3.9.4-9_amd64.deb
tiff_3.9.4-9.debian.tar.gz
  to main/t/tiff/tiff_3.9.4-9.debian.tar.gz
tiff_3.9.4-9.dsc
  to main/t/tiff/tiff_3.9.4-9.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 619614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jay Berkenbilt <qjb@debian.org> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 02 Apr 2011 10:59:38 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 3.9.4-9
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Jay Berkenbilt <qjb@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 619614
Changes:
 tiff (3.9.4-9) unstable; urgency=high
 .
   * CVE-2011-1167: correct potential buffer overflow with thunder encoded
     files with wrong bitspersample set.  (Closes: #619614)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 26 Oct 2011 07:34:09 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:35:20 2019.