Your message dated Sun, 6 Feb 2005 18:52:36 +0000 with message-id <[EMAIL PROTECTED]> and subject line Removed has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 29 Nov 2004 19:32:12 +0000
Date: Mon, 29 Nov 2004 14:33:45 -0500
From: Joey Hess <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: buffer overflow in jpeg support (CAN-2004-0929)

Package: tiff3g
Severity: grave
Tags: security

tiff3g seems to be vulnerable to the security hole described by
CAN-2004-0929:

  Heap-based buffer overflow in the OJPEGVSetField function in
  tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the
  OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to
  execute arbitrary code via a malformed TIFF image.

Our package is built with jpeg support enabled. Some more details are
here:
http://www.idefense.com/application/poi/display?id=154&type=vulnerabilities

I see that we're trying to remove tiff3g, but that many packages in
sarge still depend on it, including konqueror, which would probably be
one good way to exploit the security problem.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

-- 
see shy jo

---------------------------------------
Received: (at 283544-done) by bugs.debian.org; 6 Feb 2005 18:52:42 +0000
Date: Sun, 6 Feb 2005 18:52:36 +0000
From: Martin Michlmayr <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Removed

The migration to tiff4 has happened.
-- 
Martin Michlmayr
http://www.cyrius.com/