Your message dated Sat, 01 Jul 2017 19:37:56 +0000
with message-id <[email protected]>
and subject line Bug#866113: fixed in tiff 4.0.8-3
has caused the Debian Bug report #866113,
regarding tiff: CVE-2017-9936: Memory leak in tif_jbig.c can lead to DoS
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
866113: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866113
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tiff
Version: 4.0.8-2
Severity: important
Tags: security patch upstream fixed-upstream
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2706
Hi,
the following vulnerability was published for tiff.
CVE-2017-9936[0]:
| In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF
| document can lead to a memory leak resulting in a remote denial of
| service attack.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-9936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9936
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2706
[2] https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
Please adjust the affected versions in the BTS as needed. Only sid
version has been verified at the time of writing this bugreport.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 4.0.8-3
We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated tiff package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 01 Jul 2017 18:13:15 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl
libtiff-doc
Architecture: source all amd64
Version: 4.0.8-3
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
libtiff-doc - TIFF manipulation and conversion documentation
libtiff-opengl - TIFF manipulation and conversion tools
libtiff-tools - TIFF manipulation and conversion tools
libtiff5 - Tag Image File Format (TIFF) library
libtiff5-dev - Tag Image File Format library (TIFF), development files
libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 866113 866611
Changes:
tiff (4.0.8-3) unstable; urgency=high
.
* Backport security fixes:
- CVE-2017-9936, memory leak in error code path of JBIGDecode()
(closes: #866113),
- prevent out of memory in gtTileContig() on corrupted files,
- CVE-2017-10688, assertion failure in TIFFWriteDirectoryTagCheckedXXXX()
(closes: #866611).
* Add required _TIFFReadEncodedStripAndAllocBuffer@LIBTIFF_4.0 symbol to the
libtiff5 package.
* Update Standards-Version to 4.0.0 .
Checksums-Sha1:
Checksums-Sha256:
Files:
--- End Message ---