Bug#619614: marked as done (CVE-2011-1167)

[Debian Bug Tracking System]

Your message dated Sat, 02 Apr 2011 16:32:21 +0000
with message-id <e1q63kl-0003n1...@franck.debian.org>
and subject line Bug#619614: fixed in tiff 3.9.4-9
has caused the Debian Bug report #619614,
regarding CVE-2011-1167
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
619614: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=619614
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: tiff
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1167
for details.

Cheers,
        Moritz

-- System Information:
Debian Release: 5.0.1
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.32-ucs37-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

--- End Message ---

--- Begin Message ---

Source: tiff
Source-Version: 3.9.4-9

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive:

libtiff-doc_3.9.4-9_all.deb
  to main/t/tiff/libtiff-doc_3.9.4-9_all.deb
libtiff-opengl_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff-opengl_3.9.4-9_amd64.deb
libtiff-tools_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff-tools_3.9.4-9_amd64.deb
libtiff4-dev_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff4-dev_3.9.4-9_amd64.deb
libtiff4_3.9.4-9_amd64.deb
  to main/t/tiff/libtiff4_3.9.4-9_amd64.deb
libtiffxx0c2_3.9.4-9_amd64.deb
  to main/t/tiff/libtiffxx0c2_3.9.4-9_amd64.deb
tiff_3.9.4-9.debian.tar.gz
  to main/t/tiff/tiff_3.9.4-9.debian.tar.gz
tiff_3.9.4-9.dsc
  to main/t/tiff/tiff_3.9.4-9.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 619...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jay Berkenbilt <q...@debian.org> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 02 Apr 2011 10:59:38 -0400
Source: tiff
Binary: libtiff4 libtiffxx0c2 libtiff4-dev libtiff-tools libtiff-opengl 
libtiff-doc
Architecture: source all amd64
Version: 3.9.4-9
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <q...@debian.org>
Changed-By: Jay Berkenbilt <q...@debian.org>
Description: 
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff4   - Tag Image File Format (TIFF) library
 libtiff4-dev - Tag Image File Format library (TIFF), development files
 libtiffxx0c2 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 619614
Changes: 
 tiff (3.9.4-9) unstable; urgency=high
 .
   * CVE-2011-1167: correct potential buffer overflow with thunder encoded
     files with wrong bitspersample set.  (Closes: #619614)
Checksums-Sha1: 
 2ab870aa97fe6b0ae2d9dcf91a49ad4c9deb4943 1855 tiff_3.9.4-9.dsc
 5c7d89b65156d54aae06490342677b9b0c8653f0 17407 tiff_3.9.4-9.debian.tar.gz
 4c02d60f8c8db7e03e01db11759abd8fc1f3ffd7 386452 libtiff-doc_3.9.4-9_all.deb
 81b6e1b17a9c4e18c98e07f00449fc2f69340613 196922 libtiff4_3.9.4-9_amd64.deb
 b4ba4874cf23f115d95584751dfb19eb9010a55a 59612 libtiffxx0c2_3.9.4-9_amd64.deb
 da88c43783f91e75340860dbd7ec8eb4d289f560 331306 libtiff4-dev_3.9.4-9_amd64.deb
 7554fb73974582b738bef0ef7221b2c827674a01 320814 libtiff-tools_3.9.4-9_amd64.deb
 47aa3aa2f4f6ca75b2a5c42be9a300faa72efaa1 65170 libtiff-opengl_3.9.4-9_amd64.deb
Checksums-Sha256: 
 1756e8d61155af4ac3a2110bfa582d5944bf4c5e89184ebfbc6430c4db2d393e 1855 
tiff_3.9.4-9.dsc
 81b878089e94763a5c5a471cd140c9c6497d35e6c0be8f712357f30576f98bea 17407 
tiff_3.9.4-9.debian.tar.gz
 abb8ed94a880e7ffe76289523b9f17d6fd1530630b2c52c826ccb9fcaa676707 386452 
libtiff-doc_3.9.4-9_all.deb
 d0d33878ccd8eec52eb35ecbbf288b09e1eeac122ca2d847449a8572693a1451 196922 
libtiff4_3.9.4-9_amd64.deb
 eae157be0c5f05c461659990ec45616d8e3d4c061f6643bdcd8053f8b44cd003 59612 
libtiffxx0c2_3.9.4-9_amd64.deb
 fde9e7607662a8236238072462b8cd07aec33066185269051214bce8fb79b25f 331306 
libtiff4-dev_3.9.4-9_amd64.deb
 191b3fa645fdb19218d32849807d19e906db3d7cc3c85088728780768b3a6afd 320814 
libtiff-tools_3.9.4-9_amd64.deb
 a61db79125596efbd582a6846e4666e2365b40c6367a9d787481f0d43c85023b 65170 
libtiff-opengl_3.9.4-9_amd64.deb
Files: 
 6a9e6c25c62eb0854c4bc69a64e60e72 1855 libs optional tiff_3.9.4-9.dsc
 b13866b547d4a717ea048270b0dd2e47 17407 libs optional tiff_3.9.4-9.debian.tar.gz
 d286af11a779aa6d547ea76b1829160c 386452 doc optional 
libtiff-doc_3.9.4-9_all.deb
 40e1d8757e4330ad03769d0d3d2915f8 196922 libs optional 
libtiff4_3.9.4-9_amd64.deb
 963434e9f757a93859eee96e82df115a 59612 libs optional 
libtiffxx0c2_3.9.4-9_amd64.deb
 96ee424441daa2f82b6afbc9447f6d9b 331306 libdevel optional 
libtiff4-dev_3.9.4-9_amd64.deb
 af2b4139788f5b09e365d692c5ccef24 320814 graphics optional 
libtiff-tools_3.9.4-9_amd64.deb
 9ca7656234ac50f1b9ea8b44587055bb 65170 graphics optional 
libtiff-opengl_3.9.4-9_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iQIcBAEBAgAGBQJNl0w6AAoJEIp10QmYASx+6M0QAJCEC67yUQgsikluYmVNSR1z
dml9gcATLrlU840kYADjPMV6/igdfwHw8y5KmWh0i2wBz2LLfX02YOpDvQa+DoAy
biTVSu9jvLAqCgKqCV6RDwHJGJmukA3W47c9TsPf2MTHpTTtN6XDwRNyh/Qafb5S
YLqxdDyuf57PGlUyrPWaREXx67xf4p00bZUB7pbWWF+vvEAv6/4z1oiWC81JebBD
cFSWdRibiTjo0u0NY7sfxpolUkNNfDgjSE+/xzPkbADH9TD9Bfptrj8WEEk+gmDB
xXw2Nv5MAY9hwCkTm8toWp3Pq0JaXPDBNkwQNzbVbdFVWPkUF75XxgVkfyOliylz
rAAkOiQGcj/nNNmBV9r2Bv1e/8tHI8svAJvxyb+vVDdJny4PUekID3u8k6E6SiTL
yep6zCoajW83ZCvct/zg84LqpRLJNZWWxLif98Xl1fVDFv5Y+wTvEfUWHloEvvO+
FqKgi3rnnMPpVtfxXMguLvJGPHEwXIBQxbEE2CeLW41aKIyByjNu3/OrLXtvQNlu
h8kLKT8GqZy/3N2+l10qmyPtnFTOEcNLV/ue/Gk8y1xktMs3W1QLVIANOZkO842q
LD5MtANwBs+rxTIG9PlniMVj8N3DxFUL2so5PYz9SJGeZ9t7sUOwL9Lt7g17EYJv
jcDGC4KJk7HeyK0IVBim
=Qhr0
-----END PGP SIGNATURE-----

--- End Message ---