Bug#624287: marked as done (CVE-2009-5022)

[Debian Bug Tracking System]

Your message dated Fri, 10 Jun 2011 19:55:05 +0000
with message-id <e1qv7nn-0006xy...@franck.debian.org>
and subject line Bug#624287: fixed in tiff 3.9.4-5+squeeze2
has caused the Debian Bug report #624287,
regarding CVE-2009-5022
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
624287: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624287
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tiff
Severity: grave
Tags: security

http://bugzilla.maptools.org/show_bug.cgi?id=1999 has been assigned
CVE-2009-5022.

Cheers,
        Moritz

--- End Message ---

--- Begin Message ---

Source: tiff
Source-Version: 3.9.4-5+squeeze2

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive:

libtiff-doc_3.9.4-5+squeeze2_all.deb
  to main/t/tiff/libtiff-doc_3.9.4-5+squeeze2_all.deb
libtiff-opengl_3.9.4-5+squeeze2_amd64.deb
  to main/t/tiff/libtiff-opengl_3.9.4-5+squeeze2_amd64.deb
libtiff-tools_3.9.4-5+squeeze2_amd64.deb
  to main/t/tiff/libtiff-tools_3.9.4-5+squeeze2_amd64.deb
libtiff4-dev_3.9.4-5+squeeze2_amd64.deb
  to main/t/tiff/libtiff4-dev_3.9.4-5+squeeze2_amd64.deb
libtiff4_3.9.4-5+squeeze2_amd64.deb
  to main/t/tiff/libtiff4_3.9.4-5+squeeze2_amd64.deb
libtiffxx0c2_3.9.4-5+squeeze2_amd64.deb
  to main/t/tiff/libtiffxx0c2_3.9.4-5+squeeze2_amd64.deb
tiff_3.9.4-5+squeeze2.debian.tar.gz
  to main/t/tiff/tiff_3.9.4-5+squeeze2.debian.tar.gz
tiff_3.9.4-5+squeeze2.dsc
  to main/t/tiff/tiff_3.9.4-5+squeeze2.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 624...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jay Berkenbilt <q...@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 07 May 2011 10:21:28 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl 
libtiff-doc
Architecture: source all amd64
Version: 3.9.4-5+squeeze2
Distribution: stable-security
Urgency: high
Maintainer: Jay Berkenbilt <q...@debian.org>
Changed-By: Jay Berkenbilt <q...@debian.org>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 624287
Changes: 
 tiff (3.9.4-5+squeeze2) stable-security; urgency=high
 .
   * CVE-2009-5022: Buffer overflow in OJPEG support. (Closes: #624287)
Checksums-Sha1: 
 935c11d676b52e17d654921856faa67e3101c52b 1872 tiff_3.9.4-5+squeeze2.dsc
 4d26f4cc9c29a7a56dd6f88b714d917a0f4d13c7 17080 
tiff_3.9.4-5+squeeze2.debian.tar.gz
 c9248ec8d119ab1600975bb119052be59607d5f8 385958 
libtiff-doc_3.9.4-5+squeeze2_all.deb
 9b9f26919dfd2acd0fed15f62278d115a392931f 194570 
libtiff4_3.9.4-5+squeeze2_amd64.deb
 8433d2c1c6cfaaa8677063765f7ec08c798f74ee 58884 
libtiffxx0c2_3.9.4-5+squeeze2_amd64.deb
 8ddfbf0b65c238959b673f12d1e3af1fdc40f674 321658 
libtiff4-dev_3.9.4-5+squeeze2_amd64.deb
 c6f7cb9007e6f3d3d597a26b51a9ec46487c2099 301964 
libtiff-tools_3.9.4-5+squeeze2_amd64.deb
 874590efb82bae26cd765c0c63fb56b79e5aab57 64314 
libtiff-opengl_3.9.4-5+squeeze2_amd64.deb
Checksums-Sha256: 
 2829451d3ebea2a603d29e7041ca723168d8f7e7b0a5606af4d2913c00dbc9b2 1872 
tiff_3.9.4-5+squeeze2.dsc
 869256c4ad2ad5dff1eb6292c29b64cd09d904747938b46bf4e65384c7309a86 17080 
tiff_3.9.4-5+squeeze2.debian.tar.gz
 c0322dd0834335dc4d68619fb5ffec716e4b9adbc5982f091873712162a72a8f 385958 
libtiff-doc_3.9.4-5+squeeze2_all.deb
 d295e88a3a9ff1618544fa402117d095490b0b0d6147d9e0eb57ed4bcc2e86d7 194570 
libtiff4_3.9.4-5+squeeze2_amd64.deb
 d497f5c0d18691952f43b89eda698476913d9a788388028c4edec4e1ea02b227 58884 
libtiffxx0c2_3.9.4-5+squeeze2_amd64.deb
 f1565dddb48e08a0fea9f03aac00776ae469767821d589335878d8b9bee92262 321658 
libtiff4-dev_3.9.4-5+squeeze2_amd64.deb
 3bc536f0080ddcb5674046ebbb9a2962c67474eec460464a71cb5c4f125775a9 301964 
libtiff-tools_3.9.4-5+squeeze2_amd64.deb
 f1668b370c9b30dbc95d02236fa4cb5240df72729f6bf7147cc405a1df77580b 64314 
libtiff-opengl_3.9.4-5+squeeze2_amd64.deb
Files: 
 f70685599c06cb7839a1e30c0796fa78 1872 libs optional tiff_3.9.4-5+squeeze2.dsc
 75d8fb29751e615905b7f93317c5fcce 17080 libs optional 
tiff_3.9.4-5+squeeze2.debian.tar.gz
 ef328af6ca00c350d3c5c4d44052ae89 385958 doc optional 
libtiff-doc_3.9.4-5+squeeze2_all.deb
 aa7cd2951d8e2e2c41127e8833d828ea 194570 libs optional 
libtiff4_3.9.4-5+squeeze2_amd64.deb
 27395ed6ffd2e8e40357adce94cc4873 58884 libs optional 
libtiffxx0c2_3.9.4-5+squeeze2_amd64.deb
 32fc216ef4c05367b2cf6dd81c4f41dc 321658 libdevel optional 
libtiff4-dev_3.9.4-5+squeeze2_amd64.deb
 f80a4347443f5a7cae0ac2e7e411fa5d 301964 graphics optional 
libtiff-tools_3.9.4-5+squeeze2_amd64.deb
 63ed19dc507c34921bc1e8a591b394f1 64314 graphics optional 
libtiff-opengl_3.9.4-5+squeeze2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAEBAgAGBQJN4m6+AAoJEIp10QmYASx+ProP/0I3dwsxUD7HdW4ijWPh2blP
RVADi4zePKcWPvkXOku9SpgSJm63ynrSYJZM5nvRftHwwGCQA2Q+CoimPG0hK3rf
FYGJEn1j92IEfe8PrheOnxh4uQkwxW5VfR4R5WKLohxeR81zXQ5Wo7oJMTY7o0bN
perIxafmjBWneyDzaGcFD8X+QPNTPrOLDFDC3py+EBj8kmvEL9PFuJNOf5mSzp4e
rxg/dQhU23o8RmW1wUNekERQ87ZQ2j66VZx4KBOKvkiLLQSTbhAufXHi75VmIkJO
wU/j3OPUZ+LuZifCtUShsxEWAIIUpw69rlyI7L6bwBo/fU5lp5E+hepg/1z6VMdI
hg7IYenoGrqRXFOey6ow5LN0zwkPQymONkfXxjy6HSd5o/GxqaDCkSjCP7noXU9r
FTByizTtYPT0zhVTVNDnT28dxcapAfMhfQL4P7m3lo036pjiCmVqjiZa1YED9cZR
dc1U2aiA2g95KGldZYe+8lXzZ5W7YcYU+xLgxiXT3KbS7gvKhoSgK6uBG8qKj+51
tqZQuPnghwFJzpTeKyv2GcNZRvlwxpSXEhZIvxcCQLhIoDaj6ES8OaGYx7k62rBj
XBmJqJOoGYRULXweBmBaOtETo3cUDvFOIHvGkDrfLRzZAwqQtjYkyCbLWLFKxxpp
sj0TcicA81dT3Gr7CmWM
=uph4
-----END PGP SIGNATURE-----

--- End Message ---