Your message dated Sat, 15 Dec 2012 11:33:45 +0000 with message-id <e1tjq01-0002uv...@franck.debian.org> and subject line Bug#694693: fixed in tiff3 3.9.6-10 has caused the Debian Bug report #694693, regarding tiff: CVE-2012-5581 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 694693: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694693 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: tiff Severity: grave Tags: security Justification: user security hole Hi Jay, another security issue was discovered by Red Hat's Huzaifa S. Sidhpurwala: The Red Hat bug contains the necessary details: https://bugzilla.redhat.com/show_bug.cgi?id=867235 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: tiff3 Source-Version: 3.9.6-10 We believe that the bug you reported is fixed in the latest version of tiff3, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 694...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Jay Berkenbilt <q...@debian.org> (supplier of updated tiff3 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Sat, 15 Dec 2012 06:04:00 -0500 Source: tiff3 Binary: libtiff4 libtiffxx0c2 libtiff4-dev Architecture: source amd64 Version: 3.9.6-10 Distribution: unstable Urgency: high Maintainer: Jay Berkenbilt <q...@debian.org> Changed-By: Jay Berkenbilt <q...@debian.org> Description: libtiff4 - Tag Image File Format (TIFF) library (old version) libtiff4-dev - Tag Image File Format (TIFF) library (old version), development f libtiffxx0c2 - Tag Image File Format (TIFF) library (old version) -- C++ interfa Closes: 694693 Changes: tiff3 (3.9.6-10) unstable; urgency=high . * Add fix for CVE-2012-5581, reimplementing DOTRANGE handling to make it safer. Thanks to Red Hat security team for backporting the fix. (Closes: #694693) Checksums-Sha1: 7e60341734401505a5e94e308c976ec71ecb5396 1933 tiff3_3.9.6-10.dsc d552220ed5a5b42019e10f956ca4995424cc4c57 18060 tiff3_3.9.6-10.debian.tar.gz 70be195259e8455d99d9c8a6f2a9e91f58f432cf 201996 libtiff4_3.9.6-10_amd64.deb b081b2c1ec07c1b921aecb337e7a6dfcc5dce65d 63332 libtiffxx0c2_3.9.6-10_amd64.deb 1d643c970c297d8e243e3942cb75a734d9b9772d 337066 libtiff4-dev_3.9.6-10_amd64.deb Checksums-Sha256: a5c2a4c9ac1abc4b6495b2dd28d0efe2166ff2521e9f1e5fceb752ffd8f20c1c 1933 tiff3_3.9.6-10.dsc a168b32ed7cf85d1ce87e0570acc18b1466ad96d8c18534ef84e9305e60908d6 18060 tiff3_3.9.6-10.debian.tar.gz d9562a9856c144cb07579f711e8e9c2f180e07760b3eefd05a8c1163662bc7b7 201996 libtiff4_3.9.6-10_amd64.deb 74a05f49494cd790725a43d145924795e8adac717997256ecb1e21dd46d612ba 63332 libtiffxx0c2_3.9.6-10_amd64.deb cbbfa8c02b5d96f0eb5e2c2c1c49eb308d779378a2f897a7d8388c4d2630cc10 337066 libtiff4-dev_3.9.6-10_amd64.deb Files: 465d02e837cb92d986397ef863ea26e8 1933 oldlibs optional tiff3_3.9.6-10.dsc e02cc06af5c0e5d5b0a2c4425a98435d 18060 oldlibs optional tiff3_3.9.6-10.debian.tar.gz 421f3589b3b1092b2938a938a7dcad54 201996 oldlibs optional libtiff4_3.9.6-10_amd64.deb 2575461487c1996a2d8e23fd0bf4e28d 63332 oldlibs optional libtiffxx0c2_3.9.6-10_amd64.deb b4ae4d396c50419b778475f6847a8365 337066 libdevel optional libtiff4-dev_3.9.6-10_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJQzF0wAAoJEIp10QmYASx+lqgQAIb54SxBpq38QXYKL4KRxKv+ FaCub0ktB32DiJBHChDJ/vsuEDfcypADx9ow0huvnbsz2wXhfr6MWbbRtuWweNRU 4P6ruBRu698czDDv5tXxQaELFvaTAuvk0fjzf7GxzExSW9jj85tTci43P36YkRgi i+ZURT10gpKZ0fmRj/YVHLlZqSetGQMp4/HncI1xi1r1Ah5Xe8kur8KbvlJf895k nsCR3yoOIrr1v4lkFbOPmZSJNW60FquR09BltfDf6bZa0C5aIMXSgZKaMQKOFSEH 1w74V3epftecFcFm09uWeTcTm4QMWzqkygyFlH8PhdhM6P0u7Yel55NNgeXATaiT WkokG05FlY/3r/zNEyrOzdvSZNX9b5kdosnrKLW5bJXM7XKtvjPp9gpvkCHnWe6p 90DeTYcpuQ9pXIeNLKFTyOiIhVj9i/FHPOBiaaaGhA50JdY+w/MSjN5Ihg0kS2bb zM/fa2B4LdXag/HiPNxumbOkcT6BbnzQRoj2D+8PUndm4i8TkvubiVkOI//AA8th GlzsaQDum2IegbQ0Fsb1RaoPlnBGTPN/mkS/tXwBN4mMzsT63miEWK8IOq/WogNO h8L2RquIsI2FdfosXyljw5Vo+V5Ufu0Wckdz+clxnJDVPpfWNzBoudoHaF+x0KbF yrktXDr8GKnqQj14IqK7 =dcHV -----END PGP SIGNATURE-----
--- End Message ---
