Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.

Advisory:
========================

Updated libtiff packages fix security vulnerability:

It was discovered that a buffer overflow in libtiff's parsing of files
using PixarLog compression could lead to the execution of arbitrary
code (CVE-2012-4447).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4447
http://www.debian.org/security/2012/dsa-2561
========================

Updated packages in core/updates_testing:
========================
libtiff-progs-3.9.5-1.6.mga1
libtiff3-3.9.5-1.6.mga1
libtiff-devel-3.9.5-1.6.mga1
libtiff-static-devel-3.9.5-1.6.mga1
libtiff-progs-4.0.1-2.3.mga2
libtiff5-4.0.1-2.3.mga2
libtiff-devel-4.0.1-2.3.mga2
libtiff-static-devel-4.0.1-2.3.mga2

from SRPMS:
libtiff-3.9.5-1.6.mga1.src.rpm
libtiff-4.0.1-2.3.mga2.src.rpm

Version: Cauldron => 2
Assignee: bugsquad => qa-bugs
Whiteboard: (none) => MGA1TOO

With the update, tiff support is still working fine.

CC: (none) => goetz.waschk
Whiteboard: MGA1TOO => MGA1TOO MGA2-64-OK

Procedure here: https://wiki.mageia.org/en/QA_procedure:Libtiff

Whiteboard: MGA1TOO MGA2-64-OK => MGA1TOO has_procedure MGA2-64-OK

No PoC's

testing mga2 32

Testing complete mga2 32

Whiteboard: MGA1TOO has_procedure MGA2-64-OK => MGA1TOO has_procedure MGA2-64-OK mga2-32-OK

testing complete mga1 32

Whiteboard: MGA1TOO has_procedure MGA2-64-OK mga2-32-OK => MGA1TOO has_procedure mga1-32-OK MGA2-64-OK mga2-32-OK

Testing complete mga1 64

Validating

Advisory and srpms in comment 1

Could sysadmin please push from core/updates_testing to core/updates

Thanks!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: MGA1TOO has_procedure mga1-32-OK MGA2-64-OK mga2-32-OK => MGA1TOO has_procedure mga1-32-OK mga1-64-OK MGA2-64-OK mga2-32-OK

Update pushed:

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

(In reply to comment #9)
> Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0317