Your message dated Wed, 24 May 2006 10:23:45 -0400
with message-id <[EMAIL PROTECTED]>
and subject line bug does not effect sid or etch
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: libtiff4
Version: 3.7.2-3sarge1
Severity: grave
Tags: security
Justification: user security hole



As far as I could see, this is not fixed in sarge:

Name: CVE-2006-2120
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2120
http://bugzilla.remotesensing.org/show_bug.cgi?id=1065

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers
to cause a denial of service (crash) via a crafted TIFF image with
Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an
out-of-bounds read.


The function name is actually TIFFXYZToRGB. I am sorry that I am too
late for DSA 1054.

Cheers,
Stefan


--- End Message ---
--- Begin Message ---
Version: 3.8.2-1

This bug applies to sarge only; marking it done as of 3.8.2-1.

--- End Message ---
