Debian Bug report logs - #619614
CVE-2011-1167

Package: tiff; Maintainer for tiff is Jay Berkenbilt <qjb@debian.org>;

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 25 Mar 2011 15:33:02 UTC

Severity: grave

Tags: security

Fixed in version tiff/3.9.4-9

Done: Jay Berkenbilt <qjb@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#619614; Package tiff. (Fri, 25 Mar 2011 15:33:04 GMT)

Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Jay Berkenbilt <qjb@debian.org>. (Fri, 25 Mar 2011 15:33:04 GMT)

Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-1167
Date: Fri, 25 Mar 2011 16:29:08 +0100

Package: tiff
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1167
for details.

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs37-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#619614; Package tiff. (Sat, 02 Apr 2011 14:57:06 GMT)

Acknowledgement sent to Jay Berkenbilt <qjb@debian.org>:
Extra info received and forwarded to list. (Sat, 02 Apr 2011 14:57:06 GMT)

Message #10 received at 619614@bugs.debian.org:

From: Jay Berkenbilt <qjb@debian.org>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>
Cc: 619614@bugs.debian.org
Subject: Re: Bug#619614: CVE-2011-1167
Date: Sat, 02 Apr 2011 10:44:52 -0400

Moritz Muehlenhoff <muehlenhoff@univention.de> wrote:

> Package: tiff
> Severity: grave
> Tags: security
>
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1167
> for details.

Sorry for the delay...working this issue now, and preparing packages for
oldstable and stable as well.




Reply sent to Jay Berkenbilt <qjb@debian.org>:
You have taken responsibility. (Sat, 02 Apr 2011 16:33:07 GMT)

Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sat, 02 Apr 2011 16:33:07 GMT)

Message #15 received at 619614-close@bugs.debian.org:

From: Jay Berkenbilt <qjb@debian.org>
To: 619614-close@bugs.debian.org
Subject: Bug#619614: fixed in tiff 3.9.4-9
Date: Sat, 02 Apr 2011 16:32:21 +0000

Source: tiff
Source-Version: 3.9.4-9

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive:

libtiff-doc_3.9.4-9_all.deb
  to main/t/tiff/libtiff-doc_3.9.4-9_all.deb
libtiff-opengl_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff-opengl_3.9.4-9_amd64.deb
libtiff-tools_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff-tools_3.9.4-9_amd64.deb
libtiff4-dev_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff4-dev_3.9.4-9_amd64.deb
libtiff4_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff4_3.9.4-9_amd64.deb
libtiffxx0c2_3.9.4-9_amd64.deb
  to main/t/tiff/libtiffxx0c2_3.9.4-9_amd64.deb
tiff_3.9.4-9.debian.tar.gz
  to main/t/tiff/tiff_3.9.4-9.debian.tar.gz
tiff_3.9.4-9.dsc
  to main/t/tiff/tiff_3.9.4-9.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 619614@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jay Berkenbilt <qjb@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Sat, 02 Apr 2011 10:59:38 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 3.9.4-9
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Jay Berkenbilt <qjb@debian.org>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 619614
Changes: 
 tiff (3.9.4-9) unstable; urgency=high
 .
   * CVE-2011-1167: correct potential buffer overflow with thunder encoded
     files with wrong bitspersample set.  (Closes: #619614)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 26 Oct 2011 07:34:09 GMT)

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 24 02:03:48 2014; Machine Name: buxtehude.debian.org
