tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130

Related Vulnerabilities: CVE-2014-8127   CVE-2014-8128   CVE-2014-8130   CVE-2014-8129   CVE-2014-9330   CVE-2014-9655  

Debian Bug report logs - #776185
tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Sun, 25 Jan 2015 06:51:02 UTC

Severity: important

Tags: security, upstream

Found in version tiff/4.0.3-12

Fixed in versions tiff/4.0.2-6+deb7u4, tiff/4.0.3-12.3

Done: Ondřej Surý <ondrej@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#776185; Package src:tiff. (Sun, 25 Jan 2015 06:51:06 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Jay Berkenbilt <qjb@debian.org>. (Sun, 25 Jan 2015 06:51:06 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
Date: Sun, 25 Jan 2015 07:46:27 +0100

Source: tiff
Version: 4.0.3-12
Severity: grave
Tags: security upstream
Justification: user security hole

Hi,

the following vulnerabilities were published for tiff.

CVE-2014-8127[0]:
various out-of-bound reads

CVE-2014-8128[1]:
various out-of-bounds write

CVE-2014-8129[2]:
various out-of-bound read and write

CVE-2014-8130[3]:
divide by zero

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

Note that at the time of the advisory, for three of the reported
issues, there was no fix in CVS HEAD yet. The individual bugs are
also linked from the security-tracker.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2014-8127
    http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
[1] https://security-tracker.debian.org/tracker/CVE-2014-8128
    http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
[2] https://security-tracker.debian.org/tracker/CVE-2014-8129
    http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
[3] https://security-tracker.debian.org/tracker/CVE-2014-8130
    http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
[4] http://www.openwall.com/lists/oss-security/2015/01/24/15

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#776185; Package src:tiff. (Sat, 21 Feb 2015 17:39:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Jay Berkenbilt <qjb@debian.org>. (Sat, 21 Feb 2015 17:39:04 GMT).


Message #10 received at 776185@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 776185@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Re: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
Date: Sat, 21 Feb 2015 18:31:56 +0100

severity 776185 important
retitle 776185 tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130
thanks

On Sun, Jan 25, 2015 at 07:46:27AM +0100, Salvatore Bonaccorso wrote:
> Source: tiff
> Version: 4.0.3-12
> Severity: grave
> Tags: security upstream
> Justification: user security hole
> 
> Hi,
> 
> the following vulnerabilities were published for tiff.
> 
> CVE-2014-8127[0]:
> various out-of-bound reads
> 
> CVE-2014-8128[1]:
> various out-of-bounds write
> 
> CVE-2014-8129[2]:
> various out-of-bound read and write
> 
> CVE-2014-8130[3]:
> divide by zero

CVE-2014-8127 is fixed in 4.0.3-12.1 except the sub-issue from
http://bugzilla.maptools.org/show_bug.cgi?id=2500 

CVE-2014-8128 is fixed in 4.0.3-12.1 except the sub-issues from
http://bugzilla.maptools.org/show_bug.cgi?id=2499 and 
http://bugzilla.maptools.org/show_bug.cgi?id=2501

CVE-2014-8129 is fixed in 4.0.3-12.1

Lowering severity.

Cheers,
        Moritz




Severity set to 'important' from 'grave' Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Sat, 21 Feb 2015 17:39:07 GMT).


Changed Bug title to 'tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8130' from 'tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130' Request was from Moritz Muehlenhoff <jmm@inutil.org> to control@bugs.debian.org. (Sat, 21 Feb 2015 17:39:08 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#776185; Package src:tiff. (Sat, 14 Mar 2015 19:03:04 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Jay Berkenbilt <qjb@debian.org>. (Sat, 14 Mar 2015 19:03:04 GMT).


Message #19 received at 776185@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@inutil.org>
To: 776185@bugs.debian.org
Subject: Re: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
Date: Sat, 14 Mar 2015 19:54:37 +0100
 
> CVE-2014-8128 is fixed in 4.0.3-12.1 except the sub-issues from
> http://bugzilla.maptools.org/show_bug.cgi?id=2499 and 
> http://bugzilla.maptools.org/show_bug.cgi?id=2501

Bug 2501 is fixed in 4.0.3-12.2

Cheers,
        Moritz



Information forwarded to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#776185; Package src:tiff. (Sat, 02 May 2015 03:00:05 GMT).


Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Jay Berkenbilt <qjb@debian.org>. (Sat, 02 May 2015 03:00:05 GMT).


Message #24 received at 776185@bugs.debian.org:

From: Ben Hutchings <ben@decadent.org.uk>
To: 776185@bugs.debian.org
Subject: Re: tiff: CVE-2014-8127 CVE-2014-8128 CVE-2014-8129 CVE-2014-8130
Date: Sat, 02 May 2015 03:56:07 +0100

Here's a summary of all the separate bugs which for some reason got
grouped together into only 4 CVE IDs.  I'm also attaching all the
samples that were provided to reproduce these (which are tiny).

N.B. that although all these bugs were reported against specific tools,
most bugs are in libtiff itself.  This means tiff3 in wheezy is still
affected!

I tested all these in squeeze-lts while preparing an update there and
included the results below.

The giant "Fix various crasher bugs on fuzzed images" change addresses
parts of CVE-2014-{8127,8128,8129} and CVE-2014-9330, but only the part
addressing the last issue has been applied in sid.  I expect the wheezy
and jessie updates were similar but didn't check.

Ben.

CVE-2014-8127
- thumbnail: http://bugzilla.maptools.org/show_bug.cgi?id=2484
  - repro: thumbnail 01_thumbnail.tiff out.tiff
    - squeeze: no segv, errors detected by valgrind
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    * tools/pal2rgb.c, tools/thumbnail.c: fix crash by disabling TIFFTAG_INKNAMES
    copying. The right fix would be to properly copy it, but not worth the burden
    for those esoteric utilities.
    http://bugzilla.maptools.org/show_bug.cgi?id=2484 (CVE-2014-8127)
  - patch: CVE-2014-8127.patch
  - fix result:
    - squeeze: still has an invalid read but appears to be harmless
- tiff2bw: http://bugzilla.maptools.org/show_bug.cgi?id=2485
  - repro: tiff2bw 04_tiff2bw.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    * tools/tiff2bw.c: when Photometric=RGB, the utility only works if
    SamplesPerPixel = 3. Enforce that
    http://bugzilla.maptools.org/show_bug.cgi?id=2485 (CVE-2014-8127)
  - patch: tools-tiff2bw.c-when-photometric-rgb-the-utility-onl.patch
  - fix result:
    - squeeze: no regression
- tiff2rgba: http://bugzilla.maptools.org/show_bug.cgi?id=2486
  - repro: tiff2rgba 09_tiff2rgba.tiff out.tiff
    - squeeze: no segv, errors detected by valgrind
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    Fix various crasher bugs on fuzzed images.
    * libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for
    TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
    the directory
    * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or
    TransferFunction if BitsPerSample has not yet been read, otherwise reading
    it later will cause user code to crash if BitsPerSample > 1
    * libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with
    SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
    * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images
    instead of imagewidth to avoid crash
    * tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
    * tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by
    libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
    * tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
    * tools/tiffdump.c: fix crash due to overflow of entry count.
    - patch: fix-various-crasher-bugs-on-fuzzed-images.patch
  - fix result:
    - squeeze: fixed
- tiff2ps & tiffdither: http://bugzilla.maptools.org/show_bug.cgi?id=2496
  - repro: tiff2ps -O out.ps 08_tiff2ps.tiff
    - squeeze: no segv, no error detected by valgrind
  - repro: tiffdither 12_tiffdither.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - fix: 2014-12-23  Even Rouault  <even.rouault@spatialys.com>
    * libtiff/tif_read.c: fix several invalid comparisons of a uint64 value with
    <= 0 by casting it to int64 first. This solves crashing bug on corrupted
    images generated by afl.
  - patch: libtiff-tif_read.c-fix-several-invalid-comparisons-o.patch
    - squeeze: This is not applicable without other changes to use 64-bit bytecount
- tiffmedian: http://bugzilla.maptools.org/show_bug.cgi?id=2497
  - repro: tiffmedian 16_tiffmedian.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - fix: 2014-12-23  Even Rouault  <even.rouault@spatialys.com>
    * libtiff/tif_read.c: fix several invalid comparisons of a uint64 value with
    <= 0 by casting it to int64 first. This solves crashing bug on corrupted
    images generated by afl.
  - patch: libtiff-tif_read.c-fix-several-invalid-comparisons-o.patch
    - squeeze: This is not applicable without other changes to use 64-bit bytecount
- tiffset: http://bugzilla.maptools.org/show_bug.cgi?id=2500
  - repro: cp 19_tiffset.tiff out.tiff && tiffset out.tiff
    - squeeze: segv

CVE-2014-8128
- [0] thumbnail: http://bugzilla.maptools.org/show_bug.cgi?id=2489
  - repro: thumbnail 03_thumbnail.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    * tools/thumbnail.c: fix out-of-buffer write
    http://bugzilla.maptools.org/show_bug.cgi?id=2489 (CVE-2014-8128)
    - patch: CVE-2014-8128-1.patch
  - fix result:
    - squeeze: no regression
- [1] tiffdither: http://bugzilla.maptools.org/show_bug.cgi?id=2490
  - repro: tiffdither 11_tiffdither.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - fix: unknown, "Doesn't crash for me with libtiff CVS head."
- [2] tiffdither: http://bugzilla.maptools.org/show_bug.cgi?id=2491
  - repro: tiffdither 13_tiffdither.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - fix: unknown, "Doesn't crash for me with libtiff CVS head."
- [3] tiffdither: http://bugzilla.maptools.org/show_bug.cgi?id=2492
  - repro: tiffdither 14_tiffdither.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
    http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)
    - patch: CVE-2014-8129.patch
  - fix result:
    - squeeze: no regression
- [4] thumbnail & tiffcmp: http://bugzilla.maptools.org/show_bug.cgi?id=2493
  - repro: thumbnail 02_thumbnail.tiff out.tiff
    - squeeze: segv
  - repro: tiffcmp 10_tiffcmp.tiff 00_basefile.tiff
    - squeeze: segv
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    * tools/thumbnail.c, tools/tiffcmp.c: only read/write TIFFTAG_GROUP3OPTIONS
    or TIFFTAG_GROUP4OPTIONS if compression is COMPRESSION_CCITTFAX3 or
    COMPRESSION_CCITTFAX4
    http://bugzilla.maptools.org/show_bug.cgi?id=2493 (CVE-2014-8128)
    - patch: CVE-2014-8128-2.patch
  - fix result:
    - squeeze: segv's fixed, but first sample still has an invalid read
- [5] tiff2pdf: http://bugzilla.maptools.org/show_bug.cgi?id=2495
  - repro: tiff2pdf 06_tiff2pdf.tiff
    - squeeze: segv
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    Fix various crasher bugs on fuzzed images.
    * libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for
    TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
    the directory
    * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or
    TransferFunction if BitsPerSample has not yet been read, otherwise reading
    it later will cause user code to crash if BitsPerSample > 1
    * libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with
    SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
    * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images 
    instead of imagewidth to avoid crash
    * tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
    * tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by
    libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
    * tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
    * tools/tiffdump.c: fix crash due to overflow of entry count.
    - patch: fix-various-crasher-bugs-on-fuzzed-images.patch
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    * tools/tiff2pdf.c: check return code of TIFFGetField() when reading
    TIFFTAG_SAMPLESPERPIXEL
    - patch: CVE-2014-8128-3.patch
  - fix result:
    - squeeze: fixed
- [6] thumbnail & tiffcmp: http://bugzilla.maptools.org/show_bug.cgi?id=2499
  - repro: thumbnail 17_thumbnail.tiff out.tiff
    - squeeze: no segv, error detected by valgrind
  - repro: tiffcmp 00_basefile.tiff 18_tiffcmp.tiff
    - squeeze: segv
  - fix: http://bugzilla.maptools.org/attachment.cgi?id=622 http://bugzilla.maptools.org/attachment.cgi?id=623
    - patch: CVE-2014-8128-5-fixed.patch
    - regression: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/1439186
  - fix result:
    - squeeze: segv fixed; first sample still has an invalid read and
      use of uninitialized value but appears to be harmless
- [7] tiffdither: http://bugzilla.maptools.org/show_bug.cgi?id=2501 
  - repro: tiffdither 20_tiffdither.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - repro: tiffdither 21_tiffdither.tiff out.tiff
    - squeeze: no segv, no error detected by valgrind
  - fix: 2015-03-02  Even Rouault  <even.rouault@spatialys.com>
    * tools/tiffdither.c: check memory allocations to avoid writing to
    NULL pointer. Also check multiplication overflow. Fixes #2501,
    CVE-2014-8128. Derived from patch by Petr Gajdos.
    /cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
    new revision: 1.992; previous revision: 1.991
    /cvs/maptools/cvsroot/libtiff/tools/tiffdither.c,v  <--  tools/tiffdither.c
    new revision: 1.15; previous revision: 1.14
    - patch: CVE-2014-8128-4.patch
  - fix result:
    - squeeze: no regression

CVE-2014-8129
- http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf)
  - repro: tiff2pdf -o out.pdf 05_tiff2pdf.tiff
    - squeeze: segv
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    * libtiff/tif_next.c: check that BitsPerSample = 2. Fixes
    http://bugzilla.maptools.org/show_bug.cgi?id=2487 (CVE-2014-8129)
    - patch: CVE-2014-8129.patch
  - fix result:
    - squeeze: fixed
- http://bugzilla.maptools.org/show_bug.cgi?id=2488 (tiff2pdf)
  - repro: tiff2pdf -o out.pdf 07_tiff2pdf.tiff
    - squeeze: segv
  - fix: 2014-12-21  Even Rouault  <even.rouault@spatialys.com>
    Fix various crasher bugs on fuzzed images.
    * libtiff/tif_dir.c: TIFFSetField(): refuse to set negative values for
    TIFFTAG_XRESOLUTION and TIFFTAG_YRESOLUTION that cause asserts when writing
    the directory
    * libtiff/tif_dirread.c: TIFFReadDirectory(): refuse to read ColorMap or
    TransferFunction if BitsPerSample has not yet been read, otherwise reading
    it later will cause user code to crash if BitsPerSample > 1
    * libtiff/tif_getimage.c: TIFFRGBAImageOK(): return FALSE if LOGLUV with
    SamplesPerPixel != 3, or if CIELAB with SamplesPerPixel != 3 or BitsPerSample != 8
    * libtiff/tif_next.c: in the "run mode", use tilewidth for tiled images 
    instead of imagewidth to avoid crash
    * tools/bmp2tiff.c: fix crash due to int overflow related to input BMP dimensions
    * tools/tiff2pdf.c: fix crash due to invalid tile count (should likely be checked by
    libtiff too). Detect invalid settings of BitsPerSample/SamplesPerPixel for CIELAB / ITULAB
    * tools/tiffcrop.c: fix crash due to invalid TileWidth/TileHeight
    * tools/tiffdump.c: fix crash due to overflow of entry count.
    - patch: fix-various-crasher-bugs-on-fuzzed-images.patch
  - fix result:
    - squeeze: fixed

CVE-2014-8130
- http://bugzilla.maptools.org/show_bug.cgi?id=2483
  - repro: tiffdither 15_tiffdither.tiff out.tiff
    - squeeze: no segv, no error reported by valgrind
  - fix: unknown, "I cannot reproduced with latest libtiff CVS head."


-- 
Ben Hutchings
Q.  Which is the greater problem in the world today, ignorance or apathy?
A.  I don't know and I couldn't care less.
[samples.tar.gz (application/x-compressed-tar, attachment)]
[signature.asc (application/pgp-signature, inline)]
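
The tag-consistency checks named in the changelog entries quoted in the message above (NeXT compression requires BitsPerSample = 2; the LOGLUV and CIELAB constraints in TIFFRGBAImageOK(); Group3/Group4 options only with CCITT fax compression; an entry count that fits inside the file) can be written as a stand-alone pre-check over the first IFD of a classic TIFF. This is an added example, not part of the bug log and not libtiff code; `tiff_precheck`, the result-bit names and the sample bytes are constructed here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Tag and value numbers from the TIFF 6.0 spec and libtiff's tiff.h. */
enum { T_BITS = 258, T_COMPRESSION = 259, T_PHOTOMETRIC = 262,
       T_SPP = 277, T_G3OPTS = 292, T_G4OPTS = 293 };
enum { COMP_FAX3 = 3, COMP_FAX4 = 4, COMP_NEXT = 32766, PHOTO_CIELAB = 8, PHOTO_LOGLUV = 32845 };
/* Result bits; these names belong to this example, not to libtiff. */
enum { BAD_FILE = 1, BAD_LOGLUV = 2, BAD_CIELAB = 4, BAD_NEXT = 8, STRAY_FAXOPTS = 16 };

typedef struct { const uint8_t *p; size_t n; int le; } Buf;

/* Read a 2- or 4-byte unsigned value; fail rather than read past the buffer. */
static int rd(const Buf *b, size_t off, size_t len, uint32_t *out) {
    uint32_t v = 0;
    if (len > b->n || off > b->n - len) return 0;
    for (size_t i = 0; i < len; i++)
        v = (v << 8) | b->p[off + (b->le ? len - 1 - i : i)];
    *out = v;
    return 1;
}

/* First value of a SHORT/LONG entry: inline if it fits in 4 bytes, else via offset. */
static int first_value(const Buf *b, size_t ent, uint32_t *out) {
    uint32_t type, count, off;
    if (!rd(b, ent + 2, 2, &type) || !rd(b, ent + 4, 4, &count) || count == 0) return 0;
    size_t sz = type == 3 ? 2 : type == 4 ? 4 : 0;   /* SHORT or LONG only */
    if (sz == 0) return 0;
    if ((uint64_t)count * sz <= 4) return rd(b, ent + 8, sz, out);
    return rd(b, ent + 8, 4, &off) && rd(b, off, sz, out);
}

/* Returns 0 if the first IFD passes, else an OR of the result bits above. */
unsigned tiff_precheck(const uint8_t *data, size_t n) {
    Buf b = { data, n, 0 };
    uint32_t magic, ifd, cnt, tag, v;
    uint32_t bits = 1, spp = 1, comp = 1, photo = UINT32_MAX; /* TIFF defaults */
    unsigned faxopts = 0, r = 0;
    if (n < 8 || data[0] != data[1] || (data[0] != 'I' && data[0] != 'M')) return BAD_FILE;
    b.le = data[0] == 'I';
    if (!rd(&b, 2, 2, &magic) || magic != 42 || !rd(&b, 4, 4, &ifd) ||
        !rd(&b, ifd, 2, &cnt) || (uint64_t)ifd + 2 + 12ull * cnt > n)
        return BAD_FILE;                 /* entry count must fit in the file */
    for (uint32_t i = 0; i < cnt; i++) {
        size_t ent = (size_t)ifd + 2 + 12 * (size_t)i;
        if (!rd(&b, ent, 2, &tag)) return BAD_FILE;
        if (tag == T_G3OPTS || tag == T_G4OPTS) { faxopts = 1; continue; }
        if (tag != T_BITS && tag != T_COMPRESSION && tag != T_PHOTOMETRIC && tag != T_SPP)
            continue;
        if (!first_value(&b, ent, &v)) return BAD_FILE;
        if (tag == T_BITS) bits = v;
        else if (tag == T_COMPRESSION) comp = v;
        else if (tag == T_PHOTOMETRIC) photo = v;
        else spp = v;
    }
    if (photo == PHOTO_LOGLUV && spp != 3) r |= BAD_LOGLUV;
    if (photo == PHOTO_CIELAB && (spp != 3 || bits != 8)) r |= BAD_CIELAB;
    if (comp == COMP_NEXT && bits != 2) r |= BAD_NEXT;
    if (faxopts && comp != COMP_FAX3 && comp != COMP_FAX4) r |= STRAY_FAXOPTS;
    return r;
}

/* Constructed sample (not from samples.tar.gz): NeXT compression, BitsPerSample = 8. */
static const uint8_t SAMPLE_NEXT_BAD[] = {
    'I','I', 42,0, 8,0,0,0,  2,0,
    0x02,0x01, 3,0, 1,0,0,0, 8,0,0,0,          /* BitsPerSample = 8 */
    0x03,0x01, 3,0, 1,0,0,0, 0xFE,0x7F,0,0,    /* Compression = 32766 */
    0,0,0,0 };

int main(void) {
    printf("flags = %u\n", tiff_precheck(SAMPLE_NEXT_BAD, sizeof SAMPLE_NEXT_BAD));
    return 0;
}
```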

Reply sent to Ondřej Surý <ondrej@debian.org>:
You have taken responsibility. (Wed, 27 May 2015 07:36:21 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 27 May 2015 07:36:21 GMT).


Message #29 received at 776185-close@bugs.debian.org:

From: Ondřej Surý <ondrej@debian.org>
To: 776185-close@bugs.debian.org
Subject: Bug#776185: fixed in tiff 4.0.2-6+deb7u4
Date: Wed, 27 May 2015 07:32:31 +0000

Source: tiff
Source-Version: 4.0.2-6+deb7u4

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 776185@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ondrej@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 27 Mar 2015 16:05:23 +0100
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff5-alt-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.2-6+deb7u4
Distribution: wheezy-security
Urgency: medium
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-alt-dev - Tag Image File Format library (TIFF), alternative development fil
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 773987 776185
Changes: 
 tiff (4.0.2-6+deb7u4) wheezy-security; urgency=medium
 .
   * Pull upstream security bugs from git cvsimported sources, this fixes
     many security bugs (CVE-2014-9330, CVE-2014-8127, CVE-2014-8129,
     CVE-2014-8128, CVE-2014-9655) (Closes: #773987, #776185)
   * The tiff package has a new maintainer




Marked as fixed in versions tiff/4.0.3-12.3. Request was from Andreas Beckmann <anbe@debian.org> to control@bugs.debian.org. (Fri, 24 Jul 2015 11:21:46 GMT).


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 22 Aug 2015 07:40:03 GMT).



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:24:13 2019; Machine Name: beach
