CVE-2018-11490

Related Vulnerabilities: CVE-2018-11490   CVE-2016-3977  

Debian Bug report logs - #904114
CVE-2018-11490


Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Thu, 19 Jul 2018 21:39:04 UTC

Severity: important

Tags: security, upstream

Found in version giflib/5.1.4-0.1

Fixed in version giflib/5.1.7-1

Done: Andreas Metzler <ametzler@debian.org>

Forwarded to https://sourceforge.net/p/giflib/bugs/113/



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#904114; Package src:giflib. (Thu, 19 Jul 2018 21:39:06 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian QA Group <packages@qa.debian.org>. (Thu, 19 Jul 2018 21:39:06 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2018-11490
Date: Thu, 19 Jul 2018 23:38:01 +0200
Source: giflib
Severity: important
Tags: security

https://sourceforge.net/p/giflib/bugs/113/



Marked as found in versions giflib/5.1.4-0.1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 20 Jul 2018 04:00:06 GMT)


Set Bug forwarded-to-address to 'https://sourceforge.net/p/giflib/bugs/113/'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 20 Jul 2018 04:00:07 GMT)


Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 20 Jul 2018 04:00:09 GMT)


Reply sent to Andreas Metzler <ametzler@debian.org>:
You have taken responsibility. (Sun, 17 Mar 2019 13:09:03 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Sun, 17 Mar 2019 13:09:03 GMT)


Message #16 received at 904114-close@bugs.debian.org:

From: Andreas Metzler <ametzler@debian.org>
To: 904114-close@bugs.debian.org
Subject: Bug#904114: fixed in giflib 5.1.7-1
Date: Sun, 17 Mar 2019 13:04:04 +0000
Source: giflib
Source-Version: 5.1.7-1

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 904114@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 17 Mar 2019 13:40:22 +0100
Source: giflib
Architecture: source
Version: 5.1.7-1
Distribution: experimental
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 904114
Changes:
 giflib (5.1.7-1) experimental; urgency=low
 .
   * QA upload.
 .
   [ Ondřej Nový ]
   * d/watch: Use https protocol
 .
   [ Andreas Metzler ]
   * New upstream version:
     + Refresh 03-spelling_fixes.patch.
     + Drop CVE-2016-3977.patch, included upstream.
     + AUTHORS file not shipped anymore, update debian/*.docs.
     + Uses straight make instead of autotools, adapt debian/rules accordingly.
     + 20_giflib_soname.patch from Fedora: Set soname on built library.
     + Update symbol file.
     + Fixes heap-based buffer overflow in DGifDecompressLine function.
       CVE-2018-11490 sf#113 Closes: #904114
     + Update debian/copyright, add Format specifier.
   * [lintian] Add Build-Depends-Package info to symbol file.
   * Use dh 12 compat level.
   * Add 25_giflib_mandir.patch to fix the manpage install path and ship the
     installed manpages.
   * Set Rules-Requires-Root: no.
   * 30_link_utils_dynamically.diff: Link giflib-tools dynamically instead of
     statically against giflib.
   * Delete debian/libgif7.shlibs (Unused, we have a symbol file) and
     debian/giflib-dbg.docs.
   * debian/copyright: More maintainer history/copyright, assuming NMUs did not
     feature big copyrightable changes.







Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:50:47 2019; Machine Name: buxtehude
