Bug#600188: marked as done (tiff: CVE-2010-3087)

[Debian Bug Tracking System]

Your message dated Sun, 17 Oct 2010 21:02:29 +0000
with message-id <e1p7anb-0000ds...@franck.debian.org>
and subject line Bug#600188: fixed in tiff 3.9.4-5
has caused the Debian Bug report #600188,
regarding tiff: CVE-2010-3087
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
600188: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600188
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tiff
Severity: grave
Tags: security
Justification: user security hole

Please see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087

This patch should fix it:
http://bugzilla.maptools.org/show_bug.cgi?id=2140

(Lenny is not affected)

Cheers,
        Moritz

-- System Information:
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---

--- Begin Message ---

Source: tiff
Source-Version: 3.9.4-5

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive:

libtiff-doc_3.9.4-5_all.deb
  to main/t/tiff/libtiff-doc_3.9.4-5_all.deb
libtiff-opengl_3.9.4-5_amd64.deb
  to main/t/tiff/libtiff-opengl_3.9.4-5_amd64.deb
libtiff-tools_3.9.4-5_amd64.deb
  to main/t/tiff/libtiff-tools_3.9.4-5_amd64.deb
libtiff4-dev_3.9.4-5_amd64.deb
  to main/t/tiff/libtiff4-dev_3.9.4-5_amd64.deb
libtiff4_3.9.4-5_amd64.deb
  to main/t/tiff/libtiff4_3.9.4-5_amd64.deb
libtiffxx0c2_3.9.4-5_amd64.deb
  to main/t/tiff/libtiffxx0c2_3.9.4-5_amd64.deb
tiff_3.9.4-5.debian.tar.gz
  to main/t/tiff/tiff_3.9.4-5.debian.tar.gz
tiff_3.9.4-5.dsc
  to main/t/tiff/tiff_3.9.4-5.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 600...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jay Berkenbilt <q...@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 17 Oct 2010 16:44:08 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl 
libtiff-doc
Architecture: source all amd64
Version: 3.9.4-5
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <q...@debian.org>
Changed-By: Jay Berkenbilt <q...@debian.org>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 600188
Changes: 
 tiff (3.9.4-5) unstable; urgency=high
 .
   * Incorporated fix to CVE-2010-3087, a potential denial of service
     exploitable with a specially crafted TIFF file.  (Closes: #600188)
Checksums-Sha1: 
 140f55879c1b698ae73d6a09be5585a9ed8b793f 1836 tiff_3.9.4-5.dsc
 5505dae33e91faf42ab6088a40e489c6d0c91567 15843 tiff_3.9.4-5.debian.tar.gz
 8e2102ddf803af42a084035769273de034ebfd1f 385798 libtiff-doc_3.9.4-5_all.deb
 97b4e68b2678bd5e9766f19ee86d53278746e5a6 194180 libtiff4_3.9.4-5_amd64.deb
 bd698fbd01c24ebf3b32992203fd615d3388eb22 58756 libtiffxx0c2_3.9.4-5_amd64.deb
 053d714ca81d7fdd5e2da1865e50c9024c51bee0 321330 libtiff4-dev_3.9.4-5_amd64.deb
 8d4dda561b48f06d13ed2bf088e6a66de130bbf0 301864 libtiff-tools_3.9.4-5_amd64.deb
 e87f3bbc0ced69e545aede07ae45b05f1e3a73ac 64170 libtiff-opengl_3.9.4-5_amd64.deb
Checksums-Sha256: 
 5973e13949ccf30d7f6f9adff1179c77ae661be528c81f77f554a912fba6aa6b 1836 
tiff_3.9.4-5.dsc
 a6d89e57ce3e80bd656f101991a26bab9e61132ff7703e995c57189361efed20 15843 
tiff_3.9.4-5.debian.tar.gz
 66baca22eb44feca334456cfc6f310c9027710b78426f804936bfac81452f470 385798 
libtiff-doc_3.9.4-5_all.deb
 dd891b48b4eea1e68fc46d4a5bbd2a0caf89bbad0766ade000350efce5153dc6 194180 
libtiff4_3.9.4-5_amd64.deb
 dae926462b418f28bfcd24a1856186d6da3d8ca3e567191ea9565b26a04be5ba 58756 
libtiffxx0c2_3.9.4-5_amd64.deb
 e088b2b8be329fd61b26b0142e7cf082414efe1ffaaf7786bcac792299eb02bd 321330 
libtiff4-dev_3.9.4-5_amd64.deb
 71993714a6e481283e93a308b007e24061f00ccd09571fc2a884ffb50322fff6 301864 
libtiff-tools_3.9.4-5_amd64.deb
 d54d5d705ac998d284b97f94226258ded6f4792afe08681f6a246a5550a1b23f 64170 
libtiff-opengl_3.9.4-5_amd64.deb
Files: 
 2ec1daf1fb8457f268bd50b7341cfc01 1836 libs optional tiff_3.9.4-5.dsc
 809cf67141086afa9683d5baadef33bb 15843 libs optional tiff_3.9.4-5.debian.tar.gz
 70c9a1f62f46edb0419bb8dbd917c615 385798 doc optional 
libtiff-doc_3.9.4-5_all.deb
 b3f998fcd68f765b45837d9c2a73397a 194180 libs optional 
libtiff4_3.9.4-5_amd64.deb
 1e0b26afd53e2f2db5996a066e6de136 58756 libs optional 
libtiffxx0c2_3.9.4-5_amd64.deb
 0e37030d24dc550f1d6db0bb22886c4c 321330 libdevel optional 
libtiff4-dev_3.9.4-5_amd64.deb
 03cc07ba6a9b11f6b06f354bff37bddf 301864 graphics optional 
libtiff-tools_3.9.4-5_amd64.deb
 a163014d225546e90c7485133b1b29d9 64170 graphics optional 
libtiff-opengl_3.9.4-5_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJMu2F8AAoJEIp10QmYASx+xeoP/R3Ij2Cl+BEvD0R0te+JUG8K
zLJkEjp6vxFhWKKZgnctWRb4a5i780BMLeaNNaNi6adJQWnwiJB3OPlQxtsAfiX4
9ySJ8j118uCiT3wqtDkXcVrWzROE5kMQ10jpcOBDXJt6fONMLU3pjMMxrqCUtD+f
y/pptDwgMz0seeXIyybh2Wtt2acBvT6KGnZ51UBlSRwYmLLEtQzE2kiI7kFEFdMN
CmekuimAReSj8VuNuOzOhwI5D9vJmUQZ1NJ+Qv6Z89en0wuFuoxp+YUGw6J7M2fM
uJt/PGxa/iiavkGLU9zryK9pzwJrgaAVRIDup+gitK6tIniscbBC/mliqBOvDb10
4St3xbjRQiNcO3RlMNK1xPS946F6kpKL7C3sAs/KocayaNkjAC74Rp645PdCa+aS
DEYiDpFF4CDR0f2r09qsA7hPLvpG22z6dB2ElmAy/AewBhvGfQebZ5G0ICJYTEJL
+lpQ0l0ELa51RUyNtzQVyor/p/2FlsefgerySZtaszMfawQrkkk9gak9TOkX0zbC
oRvP4JKUXon74AVQ+G2S0MRJchIvlI32r5apU6nS4xx4HO0w/GvSKumHQIJh9TnM
7ZGVb3ngaGrqNOzWtaEWoczndpIvlxj8kzgcgAMIysGOFzhxBI5LsUvDWkgGDnsE
76NqjaFsz5UA7BBcY+pq
=omHr
-----END PGP SIGNATURE-----

--- End Message ---