Date: Wed, 24 Oct 2012 10:08:50 +0100
From: dsafilter
To: debian-security-announce@lists.debian.org
Subject: [dsafilter] DSA/2561-1 tiff on bryant of interest
X-DSAFilter-Result: 101 - DSA of interest

The following installed packages are possibly affected by the attached DSA:

    libtiff4

Date: Sun, 21 Oct 2012 18:03:07 +0200
From: Moritz Muehlenhoff
To: debian-security-announce@lists.debian.org
Message-ID: <20121021160307.GA9302@pisco.westfalen.local>
X-Debian: PGP check passed for security officers
Subject: [SECURITY] [DSA 2561-1] tiff security update
Priority: urgent
Reply-To: debian-security@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2561-1                   security@debian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
October 21, 2012                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : tiff
Vulnerability  : buffer overflow
Problem type   : local(remote)
Debian-specific: no
CVE ID         : CVE-2012-4447

It was discovered that a buffer overflow in libtiff's parsing of files
using PixarLog compression could lead to the execution of arbitrary
code.

For the stable distribution (squeeze), this problem has been fixed in
version 3.9.4-5+squeeze6.

For the testing distribution (wheezy) and the unstable distribution
(sid), this problem has been fixed in version 3.9.6-9 of the tiff3
source package and in version 4.0.2-4 of the tiff source package.

We recommend that you upgrade your tiff packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlCEHHIACgkQXm3vHE4uylrbNgCgj1z+KMxqNBioKct5cwa7qD6S
P2IAnjjisFo2oDGBS3cH4IECT7CVYxOd
=4Wjs
-----END PGP SIGNATURE-----

-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20121021160307.GA9302@pisco.westfalen.local