-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2965-1 security@debian.org http://www.debian.org/security/ Michael Gilbert June 22, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : tiff CVE ID : CVE-2013-4243 Debian Bug : 742917 Murray McAllister discovered a heap-based buffer overflow in the gif2tiff command line tool. Executing gif2tiff on a malicious tiff image could result in arbitrary code execution. For the stable distribution (wheezy), this problem has been fixed in version 4.0.2-6+deb7u3. For the testing distribution (jessie), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 4.0.3-9. We recommend that you upgrade your tiff packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQQcBAEBCgAGBQJTpn43AAoJELjWss0C1vRzdBMgAMSF6LOZehhGi/s/gETqfDBh 5kRsWm/fjKjj+0RFivyW1o5N2DLX1Mkl5i2N6mwP7k7PkFqd4g5POWB/EmILfKB6 63UU1V2Xq8AYduj2txiYND+JUzkYKvEgBIuWWaOdQlhoa3ruTu8gEq5raA24sME5 fwkbmMGNffTRrileo/lw7I/N5wXjiBq8p/WTq9V0G3Dq0BZKMpQmneyfe3M122FG CiBLcP48bi1b3G1fQ8EtKvaDlvfq8j55k4jiH8If0KD+t1NSZKOPiPH8voH3Oxnm 8Ijix65NPdVYQ+ZtPZDnr6qGEIbMpbmDxggzBaHX4TXfJEmYzxxt9nLIzP5zf90j bFbP5cCub++3psoCBQ+jEh5TmILBJdU6xqPNcMOrUyCZYcDoIc8F0u1MLdmupDiY Hlk9LLrgueVj7lyM6A5y6pWMfca0+Rir5F1TTlO1nZZv7q4KRPI3E7dgXIX19gmU eytQSou61bYAuQJI0Cgb6G532h+xD09c4iwAu5aADiK6wKTQ5XWjdl7DjGJt4RIx bKtuprofvaVJ1iUWaFCaRGo2fQs0Z4e8mgZtT6a0xLNZdmwmLpjgK3ngFhf1sEsf rKYuEV9m1COm27mBo90J+4RUa7BGXh/H+mtj0zbH3UqZdfWxOlZYEOZa2VVKDlgw Ulfn2kUOBvs+Gh68/wqoqjjILsrnzXBxjAhwJSR0/UjLcOWw54KZ+Kyw2gT0lf2Q AoNOE9qWxk0ZNSDBI5SwH2Sf0XfDqwqoQ7YJSc6AuvsPOWXnsOdo5FHRXiKa3gVo aBykVk4H4IcOqld4+2h+QUtTqxYYR7LdWRawzekDKXRUtyUngrCP97BbwxX8afq7 t6YSUnE5zCxgeSss1LKSx3bMi4JitJoi64g5z+hrYQRSwVzamqVBnt1aB7gT4WZh WlqgAkjAHaiyD1XdULhpCA5N+dZKvt51C2YaN6mOnOFKsPqfWltn2R94nHzIhONl d7tRjPd1JkXgYp5H6fK71hREGZmBEQQNbdgYI5bOWFBRb8RbtS0yzgEV3VwGDbqQ W/f6ATDntaPGA045PS9S1EjtDG2bLBPxEs5Fk/BBxFfYntYMh/xpMCEKL5VfVcYN uvsMvd97aHTBSvMixq6Ncrt0roE/jaWkUEU/JUXHNRWNUBInmJUGwoVI4HB2TA9c 4ih1E+XIJxwFHZAOVBKA1DUBFAA4n0BZ/UpwJnh5TT1V/+F53/msrDXZ9FVvcvCl pontPEW/fJZbO6sC4nhJMjEjOjZv4q2JsUV2HowOhnNfhpdmvVrvcgSlgCHK00OP Y/Qbj8g7DbsDqAOO5rOdvB69V4xWjeBMLBmEYvYZ4yX1dHG9Y2uwyXaHRJidTQE= =ZGfn -----END PGP SIGNATURE-----