tiff: CVE-2017-11613

Debian Bug report logs - #869823

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 26 Jul 2017 19:39:01 UTC

Severity: grave

Tags: fixed-upstream, security, upstream

Found in versions tiff/4.0.8-2+deb9u2, tiff/4.0.8-1

Fixed in versions tiff/4.0.9-5, tiff/4.0.8-2+deb9u3, tiff/4.0.8-2+deb9u4

Done: Moritz Mühlenhoff <jmm@debian.org>

Bug is archived. No further changes may be made.

Forwarded to http://bugzilla.maptools.org/show_bug.cgi?id=2724


Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#869823; Package src:tiff. (Wed, 26 Jul 2017 19:39:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Wed, 26 Jul 2017 19:39:04 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: tiff: CVE-2017-11613
Date: Wed, 26 Jul 2017 21:36:01 +0200
Source: tiff
Version: 4.0.8-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for tiff.

CVE-2017-11613[0]:
| In LibTIFF 4.0.8, there is a denial of service vulnerability in the
| TIFFOpen function. A crafted input will lead to a denial of service
| attack. During the TIFFOpen process, td_imagelength is not checked. The
| value of td_imagelength can be directly controlled by an input file. In
| the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc
| function is called based on td_imagelength. If we set the value of
| td_imagelength close to the amount of system memory, it will hang the
| system or trigger the OOM killer.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-11613
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11613
[1] https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f

Can you check if that was as well reported upstream?
Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
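
An added example, not code from libtiff or from this bug report: a C sketch of the sizing problem the CVE text describes, where tables are allocated from an image length read from the file, beside a variant that first checks the strip against the real file size. The struct, the function names, the 8192-byte target and the reject-on-mismatch policy are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model of the values a strip-chopping routine works with.
 * Field names are illustrative, not libtiff's. */
struct strip_info {
    uint32_t image_length;  /* rows, read from the file (untrusted)      */
    uint64_t row_bytes;     /* bytes per uncompressed row                */
    uint64_t strip_offset;  /* offset of the single strip in the file    */
    uint64_t strip_bytes;   /* declared byte count of that strip         */
    uint64_t file_size;     /* actual size of the file on disk           */
};

#define CHOP_TARGET_BYTES 8192u /* assumed target size per chopped strip */

enum chop_result { CHOP_OK = 0, CHOP_SKIP = 1, CHOP_REJECT = -1 };

/* Bytes needed for the two per-strip tables (offsets and byte counts). */
static uint64_t chop_table_bytes(uint64_t entries)
{
    return entries * 2 * sizeof(uint64_t);
}

/* Unchecked sizing: the entry count follows image_length alone, so a
 * small file can request tables of many gigabytes. */
static uint64_t chop_entries_unchecked(const struct strip_info *s)
{
    if (s->row_bytes == 0)
        return 0;
    uint64_t rows_per_strip = CHOP_TARGET_BYTES / s->row_bytes;
    if (rows_per_strip == 0)
        return 1;
    return (s->image_length + rows_per_strip - 1) / rows_per_strip;
}

/* Checked sizing: the strip must lie inside the file and must hold as
 * many rows as image_length claims before any table is sized. */
static enum chop_result chop_plan(const struct strip_info *s, uint64_t *entries_out)
{
    *entries_out = 0;
    if (s->row_bytes == 0 || s->image_length == 0)
        return CHOP_SKIP;
    if (s->strip_offset > s->file_size ||
        s->strip_bytes > s->file_size - s->strip_offset)
        return CHOP_REJECT;              /* strip runs past end of file */
    if ((uint64_t)s->image_length > s->strip_bytes / s->row_bytes)
        return CHOP_REJECT;              /* rows not backed by data     */
    uint64_t rows_per_strip = CHOP_TARGET_BYTES / s->row_bytes;
    if (rows_per_strip == 0 || rows_per_strip >= s->image_length)
        return CHOP_SKIP;                /* nothing to gain by chopping */
    uint64_t entries = (s->image_length + rows_per_strip - 1) / rows_per_strip;
    if (entries > SIZE_MAX / (2 * sizeof(uint64_t)))
        return CHOP_REJECT;              /* table size would overflow   */
    *entries_out = entries;
    return CHOP_OK;
}

int main(void)
{
    /* Constructed input: a 4 KiB file claiming about 4 billion rows. */
    struct strip_info crafted = { 0xFFFFFFF0u, 4096, 8, 4088, 4096 };
    uint64_t n = 0;
    printf("unchecked: %llu bytes of tables\n",
           (unsigned long long)chop_table_bytes(chop_entries_unchecked(&crafted)));
    printf("checked: result %d\n", chop_plan(&crafted, &n));
    return 0;
}
```
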



Set Bug forwarded-to-address to 'http://bugzilla.maptools.org/show_bug.cgi?id=2762'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 13 Dec 2017 06:39:03 GMT)


Changed Bug forwarded-to-address to 'http://bugzilla.maptools.org/show_bug.cgi?id=2724' from 'http://bugzilla.maptools.org/show_bug.cgi?id=2762'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 14 Dec 2017 06:48:02 GMT)


Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Thu, 15 Mar 2018 17:36:06 GMT)


Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Sun, 15 Apr 2018 19:24:03 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 15 Apr 2018 19:24:03 GMT)


Message #16 received at 869823-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 869823-close@bugs.debian.org
Subject: Bug#869823: fixed in tiff 4.0.9-5
Date: Sun, 15 Apr 2018 19:21:51 +0000
Source: tiff
Source-Version: 4.0.9-5

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869823@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Sun, 15 Apr 2018 18:13:42 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source amd64 all
Version: 4.0.9-5
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 libtiff-dev - Tag Image File Format library (TIFF), development files, current
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 869823 883320 891288
Changes:
 tiff (4.0.9-5) unstable; urgency=high
 .
   * Fix CVE-2017-11613: avoid memory exhaustion in
     ChopUpSingleUncompressedStrip() (closes: #869823).
   * Fix CVE-2018-7456: NULL pointer dereference in TIFFPrintDirectory()
     (closes: #891288).
   * Fix CVE-2017-17095: heap-based buffer overflow in pal2rgb tool
     (closes: #883320).
   * Don't specify parallel to debhelper.
   * Update Standards-Version to 4.1.4 .




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 16 May 2018 07:28:01 GMT)


Bug unarchived. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 21 Oct 2018 19:21:06 GMT)


Marked as found in versions tiff/4.0.8-2+deb9u2. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Sun, 21 Oct 2018 19:21:07 GMT)


Severity set to 'grave' from 'important' Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Thu, 29 Nov 2018 21:36:03 GMT)


Reply sent to Moritz Mühlenhoff <jmm@debian.org>:
You have taken responsibility. (Mon, 03 Dec 2018 21:51:10 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 03 Dec 2018 21:51:10 GMT)


Message #29 received at 869823-close@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@debian.org>
To: 869823-close@bugs.debian.org
Subject: Bug#869823: fixed in tiff 4.0.8-2+deb9u3
Date: Mon, 03 Dec 2018 21:47:28 +0000
Source: tiff
Source-Version: 4.0.8-2+deb9u3

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869823@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 29 Nov 2018 20:45:11 +0100
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.8-2+deb9u3
Distribution: stretch-security
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 869823 883320 890441 891288 893806 898348 909037 909038 911635
Changes:
 tiff (4.0.8-2+deb9u3) stretch-security; urgency=medium
 .
   * CVE-2018-5784 (Closes: #890441)
   * CVE-2018-7456 (Closes: #891288)
   * CVE-2018-8905 (Closes: #893806)
   * CVE-2018-10963 (Closes: #898348)
   * CVE-2018-17100 (Closes: #909038)
   * CVE-2018-17101 (Closes: #909037)
   * CVE-2018-18557 (Closes: #911635)
   * CVE-2017-11613 (Closes: #869823)
   * CVE-2017-17095 (Closes: #883320)




Reply sent to Moritz Mühlenhoff <jmm@debian.org>:
You have taken responsibility. (Mon, 03 Dec 2018 21:51:12 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 03 Dec 2018 21:51:12 GMT)


Message #34 received at 869823-close@bugs.debian.org:

From: Moritz Mühlenhoff <jmm@debian.org>
To: 869823-close@bugs.debian.org
Subject: Bug#869823: fixed in tiff 4.0.8-2+deb9u4
Date: Mon, 03 Dec 2018 21:47:37 +0000
Source: tiff
Source-Version: 4.0.8-2+deb9u4

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 869823@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Moritz Mühlenhoff <jmm@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Thu, 29 Nov 2018 20:45:11 +0100
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.8-2+deb9u4
Distribution: stretch-security
Urgency: medium
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Moritz Mühlenhoff <jmm@debian.org>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 869823 883320 890441 891288 893806 898348 909037 911635
Changes:
 tiff (4.0.8-2+deb9u4) stretch-security; urgency=medium
 .
   * CVE-2018-5784 (Closes: #890441)
   * CVE-2018-7456 (Closes: #891288)
   * CVE-2018-8905 (Closes: #893806)
   * CVE-2018-10963 (Closes: #898348)
   * CVE-2018-17101 (Closes: #909037)
   * CVE-2018-18557 (Closes: #911635)
   * CVE-2017-11613 (Closes: #869823)
   * CVE-2017-17095 (Closes: #883320)
     (deb9u3 is unreleased, broken interim)




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 05 Mar 2019 07:26:40 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:01:07 2019; Machine Name: buxtehude
