Your message dated Sat, 15 Jul 2017 21:48:32 +0000
with message-id <[email protected]>
and subject line Bug#866611: fixed in tiff 4.0.8-2+deb9u1
has caused the Debian Bug report #866611,
regarding tiff: CVE-2017-10688
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
866611: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866611
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: tiff
Version: 4.0.8-2
Severity: important
Tags: upstream security
Forwarded: http://bugzilla.maptools.org/show_bug.cgi?id=2712

Hi,

the following vulnerability was published for tiff.

CVE-2017-10688[0]:
| In LibTIFF 4.0.8, there is an assertion abort in the
| TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A
| crafted input will lead to a remote denial of service attack.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10688
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10688
[1] http://bugzilla.maptools.org/show_bug.cgi?id=2712

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: tiff
Source-Version: 4.0.8-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
tiff, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated tiff package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 02 Jul 2017 08:36:06 +0000
Source: tiff
Binary: libtiff5 libtiffxx5 libtiff5-dev libtiff-tools libtiff-opengl libtiff-doc
Architecture: source all amd64
Version: 4.0.8-2+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
 libtiff-doc - TIFF manipulation and conversion documentation
 libtiff-opengl - TIFF manipulation and conversion tools
 libtiff-tools - TIFF manipulation and conversion tools
 libtiff5   - Tag Image File Format (TIFF) library
 libtiff5-dev - Tag Image File Format library (TIFF), development files
 libtiffxx5 - Tag Image File Format (TIFF) library -- C++ interface
Closes: 866113 866611
Changes:
 tiff (4.0.8-2+deb9u1) stretch-security; urgency=high
 .
   * Backport security fixes:
     - CVE-2017-9936, memory leak in error code path of JBIGDecode()
       (closes: #866113),
     - prevent out of memory in gtTileContig() on corrupted files,
     - CVE-2017-10688, assertion failure in TIFFWriteDirectoryTagCheckedXXXX()
       (closes: #866611).
   * Add required _TIFFReadEncodedStripAndAllocBuffer@LIBTIFF_4.0 symbol to the
     libtiff5 package.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
