Missing public key -- Re: [SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities

To: debian-security@lists.debian.org
Subject: Missing public key -- Re: [SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities
From: "Lukas Faulstich" <Lukas.Faulstich@alumni.hu-berlin.de>
Date: Thu, 16 Jul 2009 00:41:32 +0200
Message-id: <[🔎] e7c318da17a8991e5f679386c8677925.squirrel@webmail.alumni.hu-berlin.de>
In-reply-to: <20090715192019.GA30914@galadriel.inutil.org>
References: <20090715192019.GA30914@galadriel.inutil.org>
apt-get was not able to authenticate the security updates from DSA-1835-1
due to a missing public key (see Listing 1 below). Furthermore, I was not
able to verify the security advisory because I could not connect to
keyring.debian.org, although I was able to ping it, see Listing 2 below.

How should I proceed? Are the security updates maybe corrupted? Thanks in
advance for your help,

Lukas Faulstich

PS: I suggest to add the topic "how to obtain the public key for verifying
Debian Security Advisories" to http://www.debian.org/security/faq


Listing1:
# apt-get update
Hole:1 http://security.debian.org etch/updates Release.gpg [835B]
OK   http://security.debian.org etch/updates Release
Fehl http://security.debian.org etch/updates Release

Hole:2 http://security.debian.org etch/updates Release [37,6kB]
Ign http://security.debian.org etch/updates Release
Ign http://security.debian.org etch/updates/main Packages/DiffIndex
OK   http://security.debian.org etch/updates/main Packages
Es wurden 38,5kB in 1s geholt (21,1kB/s)
Paketlisten werden gelesen... Fertig
W: GPG error: http://security.debian.org etch/updates Release: Die
folgenden Signaturen konnten nicht überprüft werden, weil ihr öffentlicher
Schlüssel nicht verfügbar ist: NO_PUBKEY 9AA38DCD55BE302B
W: Probieren Sie »apt-get update«, um diese Probleme zu korrigieren.

# apt-get upgrade
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut... Fertig
Die folgenden Pakete werden aktualisiert:
  libtiff4
1 aktualisiert, 0 neu installiert, 0 zu entfernen und 0 nicht aktualisiert.
Es müssen 483kB Archive geholt werden.
Nach dem Auspacken werden 49,2kB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren [J/n]? j
WARNUNG: Die folgenden Pakete können nicht authentifiziert werden!
  libtiff4
Diese Pakete ohne Überprüfung installieren [j/N]? N
E: Einige Pakete konnten nicht authentifiziert werden


Listing2:
> gpg --keyserver keyring.debian.org --search-keys security@debian.org
gpg: searching for "security@debian.org" from hkp server keyring.debian.org
?: keyring.debian.org: Connection refused
gpgkeys: HTTP search error 7: couldn't connect: Connection refused
gpg: key "security@debian.org" not found on keyserver
gpg: keyserver internal error
gpg: keyserver search failed: keyserver error
> ping keyring.debian.org
PING keyring.debian.org (82.195.75.107) 56(84) bytes of data.
64 bytes from kaufmann.debian.org (82.195.75.107): icmp_seq=1 ttl=54
time=66.1 ms
64 bytes from kaufmann.debian.org (82.195.75.107): icmp_seq=2 ttl=54
time=66.0 ms
64 bytes from kaufmann.debian.org (82.195.75.107): icmp_seq=3 ttl=54
time=68.4 ms

--- keyring.debian.org ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 66.091/66.885/68.465/1.136 ms


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - ------------------------------------------------------------------------
> Debian Security Advisory DSA-1835-1                  security@debian.org
> http://www.debian.org/security/                       Moritz Muehlenhoff
> July 15, 2009                         http://www.debian.org/security/faq
> - ------------------------------------------------------------------------
>
> Package        : tiff
> Vulnerability  : several
> Problem type   : local(remote)
> Debian-specific: no
> CVE Id(s)      : CVE-2009-2285 CVE-2009-2347
> Debian Bug     : 534137
>
> Several vulnerabilities have been discovered in the library for the
> Tag Image File Format (TIFF). The Common Vulnerabilities and Exposures
> project identifies the following problems:
>
> CVE-2009-2285
>
>    It was discovered that malformed TIFF images can lead to a crash
>    in the decompression code, resulting in denial of service.
>
> CVE-2009-2347
>
>    Andrea Barisani discovered several integer overflows, which
>    can lead to the execution of arbitrary code if malformed
>    images are passed to the rgb2ycbcr or tiff2rgba tools.
>
> For the old stable distribution (etch), these problems have been fixed
> in version 3.8.2-7+etch3.
>
> For the stable distribution (lenny), these problems have been fixed in
> version 3.8.2-11.2.
>
> For the unstable distribution (sid), these problems will be fixed soon.
>
> We recommend that you upgrade your tiff packages.
>
> Upgrade instructions
> - --------------------
>
> wget url
>         will fetch the file for you
> dpkg -i file.deb
>         will install the referenced file.
>
> If you are using the apt-get package manager, use the line for
> sources.list as given below:
>
> apt-get update
>         will update the internal database
> apt-get upgrade
>         will install corrected packages
>
> You may use an automated update by adding the resources from the
> footer to the proper configuration.
>
>
> Debian GNU/Linux 4.0 alias etch
> - -------------------------------
>
> Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64,
> mips, mipsel, powerpc, s390 and sparc.
>
> Source archives:
>
>   http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch3.dsc
>     Size/MD5 checksum:      762 36f73ea87004a60aab14631f13d3471b
>   http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-7+etch3.diff.gz
>     Size/MD5 checksum:    18868 e052c2395ca6c0f7e3f8af8891a4a58c
>
> alpha architecture (DEC Alpha)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_alpha.deb
>     Size/MD5 checksum:   296942 111a269342351ea17df42220da828f10
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_alpha.deb
>     Size/MD5 checksum:     5150 d30d96aee257911bb31f7b2edc787910
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_alpha.deb
>     Size/MD5 checksum:   507488 9116610934053314a4381f45ecb5c74c
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_alpha.deb
>     Size/MD5 checksum:   207572 980945ad1d2cb4f850fbfc571ee22881
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_alpha.deb
>     Size/MD5 checksum:    11290 04212bd484cc3182dd2032e112e6cb04
>
> amd64 architecture (AMD x86_64 (AMD64))
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_amd64.deb
>     Size/MD5 checksum:   248094 39bddfebcb9817a32c5384dfb00e74f4
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_amd64.deb
>     Size/MD5 checksum:     4928 6b3cef2bbed56f07dda4c7030decb885
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_amd64.deb
>     Size/MD5 checksum:    10296 f05b715568050045aaa09f5fc0c411ea
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_amd64.deb
>     Size/MD5 checksum:   183836 09b83f517d72bb367474ef19fd44745e
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_amd64.deb
>     Size/MD5 checksum:   489394 938b279275a47560cfc657975cdd891e
>
> arm architecture (ARM)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_arm.deb
>     Size/MD5 checksum:     9978 e56eb8f02f9cda4d3f85087801093bf3
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_arm.deb
>     Size/MD5 checksum:     4420 646ec0aab1389b2d15624777e98c3424
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_arm.deb
>     Size/MD5 checksum:   236180 14f129fa7e425057ac3150cb25b910dc
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_arm.deb
>     Size/MD5 checksum:   499350 d50887f9ad506832583d53fbc2150687
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_arm.deb
>     Size/MD5 checksum:   181140 d97dce9dd3c76ac562aca729639bea49
>
> hppa architecture (HP PA RISC)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_hppa.deb
>     Size/MD5 checksum:    10886 a8a0b324c7eadbab319d053f5ffa8b75
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_hppa.deb
>     Size/MD5 checksum:   196152 e50a64940c53351042db9e354adec121
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_hppa.deb
>     Size/MD5 checksum:   267962 143480ae705b8bf34f9857bda9f56db6
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_hppa.deb
>     Size/MD5 checksum:   515796 8d3ec336799f358b42581fd92586cf66
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_hppa.deb
>     Size/MD5 checksum:     6004 d080e0a85557cc7fca4d07b7c1022e47
>
> i386 architecture (Intel ia32)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_i386.deb
>     Size/MD5 checksum:     5012 5e8b86ed2dc5efe32559556e1abeb59e
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_i386.deb
>     Size/MD5 checksum:   175630 1ed6abc2557ccbdacfc38ca67290868a
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_i386.deb
>     Size/MD5 checksum:     9860 77eed101177448e2eb9c5b696b9f9b05
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_i386.deb
>     Size/MD5 checksum:   233494 58ae9a5e29486caed9b27d74395fd69e
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_i386.deb
>     Size/MD5 checksum:   483206 98ab5ac548af4998db017f6dc568821e
>
> ia64 architecture (Intel ia64)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_ia64.deb
>     Size/MD5 checksum:    13170 f946d23c3f894b312c7f6d33ded01d4b
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_ia64.deb
>     Size/MD5 checksum:   251070 3e6a616ac15acf9baf87327a7bdcb3e6
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_ia64.deb
>     Size/MD5 checksum:   326196 95d71750ad5502543377ff0739d6b2a3
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_ia64.deb
>     Size/MD5 checksum:     6722 dccfb36e482dd7e8f61a49a7492ab4b5
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_ia64.deb
>     Size/MD5 checksum:   552342 ae85fb2298db8aa66f12d45f9e7d0000
>
> mips architecture (MIPS (Big Endian))
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_mips.deb
>     Size/MD5 checksum:    10658 ea25cb0f6a6c018d175644da7123c613
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_mips.deb
>     Size/MD5 checksum:   485344 b4ee0a92d46408238bd14e2761eb3a60
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_mips.deb
>     Size/MD5 checksum:   188386 2ca5227913d149c2c3901dd127ce51c1
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_mips.deb
>     Size/MD5 checksum:   264386 0a089d68e60d52945c552a0b91a194d1
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_mips.deb
>     Size/MD5 checksum:     5158 8f74f09a323379d1b60de67faf979942
>
> mipsel architecture (MIPS (Little Endian))
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_mipsel.deb
>     Size/MD5 checksum:   188960 7fada9867fb319b84784b7b119603c6f
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_mipsel.deb
>     Size/MD5 checksum:    10642 f57ba50e42a8ef4cd45396396990754e
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_mipsel.deb
>     Size/MD5 checksum:   264576 8e4e6441e12f37b5723847b7765097ad
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_mipsel.deb
>     Size/MD5 checksum:     5138 766e8618f1c308ef64b24f5225103901
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_mipsel.deb
>     Size/MD5 checksum:   485392 0f554374048d5574dd6860e34e770930
>
> powerpc architecture (PowerPC)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_powerpc.deb
>     Size/MD5 checksum:   504012 c9779c9112652cba3f26bab33afabfc7
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_powerpc.deb
>     Size/MD5 checksum:   254060 672b8396f12b9e01434fa077e1611d86
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_powerpc.deb
>     Size/MD5 checksum:   203862 afc47f6e981fba5e177bca43ff8b1a7b
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_powerpc.deb
>     Size/MD5 checksum:    11812 57eb8b73df7a84bfe9e8fff861ea693f
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_powerpc.deb
>     Size/MD5 checksum:     6694 213160fb71e26b30255c544e5e7fd69a
>
> s390 architecture (IBM S/390)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_s390.deb
>     Size/MD5 checksum:    10722 6efc6c6950a795f58c6defceebb255ee
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_s390.deb
>     Size/MD5 checksum:     5234 dde2c8e4d1c3bf64ff8cfada57450216
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_s390.deb
>     Size/MD5 checksum:   248752 c9946c79b44fafcccd7bc4dc442a6392
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_s390.deb
>     Size/MD5 checksum:   497694 ae661ad97a3e6847ccf6da0e4da7df8c
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_s390.deb
>     Size/MD5 checksum:   182726 29728322bbe8decf9c728ebf3688e7d9
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-7+etch3_sparc.deb
>     Size/MD5 checksum:   495792 2dce34c146f793fb8c736b5134c3966d
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-7+etch3_sparc.deb
>     Size/MD5 checksum:   238040 96385ebc347e32f74de93a66899e1d17
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-7+etch3_sparc.deb
>     Size/MD5 checksum:    10232 65dd91095c8cd47fd76fb45a2da57067
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-7+etch3_sparc.deb
>     Size/MD5 checksum:   172004 89717a135257703b170e34ee6c50e407
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-7+etch3_sparc.deb
>     Size/MD5 checksum:     4694 f53e42c5430461b3b4890313b00f2f83
>
> Debian GNU/Linux 5.0 alias lenny
> - --------------------------------
>
> Stable updates are available for alpha, amd64, arm, armel, hppa, i386,
> ia64, mips, mipsel, powerpc, s390 and sparc.
>
> Source archives:
>
>   http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.2.dsc
>     Size/MD5 checksum:     1196 c61acedd4493ae0f675ffc611219ae21
>   http://security.debian.org/pool/updates/main/t/tiff/tiff_3.8.2-11.2.diff.gz
>     Size/MD5 checksum:    39075 1985df0b4d4b6047d604c18ff9bcb901
>
> Architecture independent packages:
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-doc_3.8.2-11.2_all.deb
>     Size/MD5 checksum:   383532 52b6d5fc17bf54e7c9d6327c2f21653d
>
> alpha architecture (DEC Alpha)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_alpha.deb
>     Size/MD5 checksum:   183988 bd8137753496c3c2b21d91e19b78cc9f
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_alpha.deb
>     Size/MD5 checksum:   339004 cb2edeb22053a3e944c81300272871e6
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_alpha.deb
>     Size/MD5 checksum:    55812 9b24f1f8601883f4f6430afaf61b7be1
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_alpha.deb
>     Size/MD5 checksum:    49812 3833a231e05944f57651d66da9fe5f97
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_alpha.deb
>     Size/MD5 checksum:   252810 66c7b7e9f84dc2259f2f7f2776d521c6
>
> amd64 architecture (AMD x86_64 (AMD64))
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_amd64.deb
>     Size/MD5 checksum:   170674 5650754622d9598fa65202faba34130e
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_amd64.deb
>     Size/MD5 checksum:   232172 ace8a6e0347fc01734ebee80a7ef5587
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_amd64.deb
>     Size/MD5 checksum:    54760 10c512849acfd403ee07cba11e474c8b
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_amd64.deb
>     Size/MD5 checksum:    49680 920043baa061c9dbef860e41a3f1a583
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_amd64.deb
>     Size/MD5 checksum:   293354 0af7a3bbc79749794ff48cdcecf4e43c
>
> arm architecture (ARM)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_arm.deb
>     Size/MD5 checksum:   160320 9d0709f2b4a0da7148204c15382a8858
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_arm.deb
>     Size/MD5 checksum:    48126 40ebc4cc7e3cf3dee951965da5bd8cd5
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_arm.deb
>     Size/MD5 checksum:   277572 dc61062c6f02e859ed7ac4d624246121
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_arm.deb
>     Size/MD5 checksum:    53500 117586c6131cc0ac775dcab14b8c0d5c
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_arm.deb
>     Size/MD5 checksum:   226998 113904ba4dc113aaa715617fd61aaeb7
>
> armel architecture (ARM EABI)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_armel.deb
>     Size/MD5 checksum:   234136 a9347e98a82b04fe6f2f1654d2c6029e
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_armel.deb
>     Size/MD5 checksum:   161720 4bb949d04e6d28ca9b976233108d2d6a
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_armel.deb
>     Size/MD5 checksum:    55974 eb4eb7f937d988488bcdc1f7b64712cf
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_armel.deb
>     Size/MD5 checksum:    48504 e3dc565032463e605f72119f4495a419
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_armel.deb
>     Size/MD5 checksum:   278336 0b7b73cefac726ee7ac4e00d900227ca
>
> hppa architecture (HP PA RISC)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_hppa.deb
>     Size/MD5 checksum:   176202 f6445adc8cb99cee5a472f12cf6fb90e
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_hppa.deb
>     Size/MD5 checksum:    54680 5a6e9fc86aa6eef314899535100f7105
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_hppa.deb
>     Size/MD5 checksum:   240752 555bb7db50f993fdb3849b313842cefe
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_hppa.deb
>     Size/MD5 checksum:   309034 5179d2dcf94f1b10a75caae7be808cc9
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_hppa.deb
>     Size/MD5 checksum:    49876 818f43b0c535417d3acaa94ec1ca9844
>
> i386 architecture (Intel ia32)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_i386.deb
>     Size/MD5 checksum:    48826 fc39da66ddff0e33e9b0d51b2248601a
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_i386.deb
>     Size/MD5 checksum:   218506 939da912792c676786664fd2996a9745
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_i386.deb
>     Size/MD5 checksum:    53384 3c5a7d5ad8f7fcad57441170e7e76702
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_i386.deb
>     Size/MD5 checksum:   275694 f3041b4462b8142ef2bf0229ccf4928c
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_i386.deb
>     Size/MD5 checksum:   161018 42b1c14eb094d0bc14247fb812a495bb
>
> ia64 architecture (Intel ia64)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_ia64.deb
>     Size/MD5 checksum:   229558 d65d3370566c1b3ab9386b27b8fe1ef8
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_ia64.deb
>     Size/MD5 checksum:    50526 0334f51430892eb504fa49db6fabd4db
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_ia64.deb
>     Size/MD5 checksum:   369350 741d24b7c42e2a44b28934156297ff88
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_ia64.deb
>     Size/MD5 checksum:    56920 171af454e1f47761d5e3629a30816cf3
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_ia64.deb
>     Size/MD5 checksum:   293788 db7390b4c93157e02f6ee49b6f13f010
>
> mips architecture (MIPS (Big Endian))
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_mips.deb
>     Size/MD5 checksum:   164126 fc7a6f5704e49fb631591d3c9089c4d8
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_mips.deb
>     Size/MD5 checksum:   307262 9a614840c5a856c721f4322562e97144
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_mips.deb
>     Size/MD5 checksum:   228056 8ea8ae92f72428da8d989c229dcfeb4e
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_mips.deb
>     Size/MD5 checksum:    54406 033f6bf865b2b07611793376064c69ea
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_mips.deb
>     Size/MD5 checksum:    49100 1ae3cf735a53a024473395319241cb18
>
> mipsel architecture (MIPS (Little Endian))
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_mipsel.deb
>     Size/MD5 checksum:    49072 f280e6e5ca2b2ac838de98f6a85a4893
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_mipsel.deb
>     Size/MD5 checksum:    54382 86c36d3914ad522339e36e5a71960021
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_mipsel.deb
>     Size/MD5 checksum:   307464 fcfbb56d36139c61661bc315c40f1d0d
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_mipsel.deb
>     Size/MD5 checksum:   164436 f903e60e9f30f234370c6f7f95c4e395
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_mipsel.deb
>     Size/MD5 checksum:   228856 6bd4840b0cf0d3597f02e6489e050c88
>
> powerpc architecture (PowerPC)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_powerpc.deb
>     Size/MD5 checksum:    56962 482b92a6b06ba0f64ef9e32d550ecb35
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_powerpc.deb
>     Size/MD5 checksum:   269026 b2289198ee2c5a8337bca51dc994e638
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_powerpc.deb
>     Size/MD5 checksum:   298288 efff01b1a658b490b72c86f55116bf0b
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_powerpc.deb
>     Size/MD5 checksum:   173366 da8cb4e7f7374ad0a589912fbf33aaf3
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_powerpc.deb
>     Size/MD5 checksum:    51416 bd082e1d2672d6e15a5c44f948251994
>
> s390 architecture (IBM S/390)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_s390.deb
>     Size/MD5 checksum:   292956 8251186b6718059bbd6467b9b0c15bda
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_s390.deb
>     Size/MD5 checksum:   230810 2ba2bb2867eedef08a36743085d3e8b2
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_s390.deb
>     Size/MD5 checksum:   176174 dde8e1d1b15b76136efc54a0fb31ceee
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_s390.deb
>     Size/MD5 checksum:    54786 2e0589c84040dd8cf5e383e61440c45b
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_s390.deb
>     Size/MD5 checksum:    49062 33e6cd29cfbba31d181a83beae1413b0
>
> sparc architecture (Sun SPARC/UltraSPARC)
>
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-opengl_3.8.2-11.2_sparc.deb
>     Size/MD5 checksum:    54150 4495237de528ae6098ab72cb5169bf65
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff-tools_3.8.2-11.2_sparc.deb
>     Size/MD5 checksum:   222798 e5cd11c6bead4350f603505913d3df13
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4-dev_3.8.2-11.2_sparc.deb
>     Size/MD5 checksum:   280310 49ff3125e71d13a9ac4bebdd0fc9d55f
>   http://security.debian.org/pool/updates/main/t/tiff/libtiffxx0c2_3.8.2-11.2_sparc.deb
>     Size/MD5 checksum:    48336 792f74e17a925458c46327bd767964ab
>   http://security.debian.org/pool/updates/main/t/tiff/libtiff4_3.8.2-11.2_sparc.deb
>     Size/MD5 checksum:   158624 3dd4698acd3804ca878e90a846b6b659
>
>
>   These files will probably be moved into the stable distribution on
>   its next update.
>
> -
> ---------------------------------------------------------------------------------
> For apt-get: deb http://security.debian.org/ stable/updates main
> For dpkg-ftp: ftp://security.debian.org/debian-security
> dists/stable/updates/main
> Mailing list: debian-security-announce@lists.debian.org
> Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
>
>
>
>
>
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.9 (GNU/Linux)
>
> iEYEARECAAYFAkpeK6sACgkQXm3vHE4uyloI/wCfX9SO7ITCG1plypSniHl2FPq7
> pW0AoNbuOAvrNoQVaM8VAhpSK3dlF7/o
> =4FZN
> -----END PGP SIGNATURE-----
>
>
> --
> To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
>
Reply to:
Follow-Ups:
- Re: Missing public key -- Re: [SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities
  - From: Michel Messerschmidt <lists@michel-messerschmidt.de>
- Re: Missing public key -- Re: [SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities
  - From: aliceinwire <aliceinwire@gnumerica.org>
Prev by Date: [SEC#LVW-YnCMb-005] [SECURITY] [DSA 1834-1] New apache2 packages fix denial of service
Next by Date: Re: Missing public key -- Re: [SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities
Previous by thread: [SEC#LVW-YnCMb-005] [SECURITY] [DSA 1834-1] New apache2 packages fix denial of service
Next by thread: Re: Missing public key -- Re: [SECURITY] [DSA 1835-1] New tiff packages fix several vulnerabilities
Index(es):
- Date
- Thread