Your message dated Sat, 16 Jan 2016 21:50:14 +0000
with message-id <[email protected]>
and subject line Bug#808704: fixed in giflib 5.1.2-0.1
has caused the Debian Bug report #808704,
regarding giflib: CVE-2015-7555: Heap-based buffer overflow in giffix utility
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
808704: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808704
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: giflib
Version: 5.1.1-0.2
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for giflib.
CVE-2015-7555[0]:
Heap-based buffer overflow in giffix utility
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7555
[1] https://marc.info/?l=full-disclosure&m=145071139902501&w=2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 5.1.2-0.1
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose <[email protected]> (supplier of updated giflib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 16 Jan 2016 22:26:13 +0100
Source: giflib
Binary: giflib-dbg giflib-tools libgif7 libgif-dev
Architecture: source amd64
Version: 5.1.2-0.1
Distribution: unstable
Urgency: high
Maintainer: Thibaut Gridel <[email protected]>
Changed-By: Matthias Klose <[email protected]>
Description:
giflib-dbg - library for GIF images (debug)
giflib-tools - library for GIF images (utilities)
libgif-dev - library for GIF images (development)
libgif7 - library for GIF images (library)
Closes: 808704
Changes:
giflib (5.1.2-0.1) unstable; urgency=high
.
* Non-maintainer upload.
* New upstream version.
- CVE-2015-7555, Heap-based buffer overflow in giffix utility.
Closes: #808704.
Checksums-Sha1:
d39c80219a08f78da22ff26fd757a343b62ddf00 2054 giflib_5.1.2-0.1.dsc
3f7bc86280db30a7120b2113f9f261301c515ad2 638967 giflib_5.1.2.orig.tar.bz2
0a7850a0debf73a3a40dc3fdef8becf4a1dc2c43 12152 giflib_5.1.2-0.1.debian.tar.xz
d5e6fb8ffe1bf0d2eb8b3a4ed583dd5f52ace8f5 166402 giflib-dbg_5.1.2-0.1_amd64.deb
c00974d92158557a29ebce499be1f057c6d84937 121034
giflib-tools_5.1.2-0.1_amd64.deb
0adb892658eda0fb26c7a8ad94ea462714b3c59b 44380 libgif-dev_5.1.2-0.1_amd64.deb
6ace961e7430874fafb53140807bf3385cce3c75 42030 libgif7_5.1.2-0.1_amd64.deb
Checksums-Sha256:
b89ea0e888b2eceeb9c44b3dafc1a097d6a700c1121cfef7cee59f7107459e02 2054
giflib_5.1.2-0.1.dsc
76c0a084c3b02f9315ff937b8be6096186002fea26f33e2123081ba2be6e2a7c 638967
giflib_5.1.2.orig.tar.bz2
068558718360b9c0d40afac1760f3b6e797a36d0143448e2c1fb16d5c546e87a 12152
giflib_5.1.2-0.1.debian.tar.xz
77192b5d61384c0fd7467ce18b212927a3a0ef617933cd939777ad2d72a98af6 166402
giflib-dbg_5.1.2-0.1_amd64.deb
25d42132e9c09ad3911099be000a820d9bf713946367322eea16a8a1ae1726bc 121034
giflib-tools_5.1.2-0.1_amd64.deb
888be6e26c6f0f2e44552b19c3c1f789cfbf6c47dbd7c8bf2d3f066c93d4cab6 44380
libgif-dev_5.1.2-0.1_amd64.deb
2723fc8aa72520a9761ec8d255dfd1ba240a270ab3f738e6ac5d6fc1085c661a 42030
libgif7_5.1.2-0.1_amd64.deb
Files:
312411210693c2a58eda6d877a585475 2054 libs optional giflib_5.1.2-0.1.dsc
323a9f11ab56c8a2d1715376410ce376 638967 libs optional giflib_5.1.2.orig.tar.bz2
8ce448054c46b8c019f9afbb7cc965bc 12152 libs optional
giflib_5.1.2-0.1.debian.tar.xz
25b6182cba3d46ec3f921e8cdf3d6bc5 166402 debug extra
giflib-dbg_5.1.2-0.1_amd64.deb
31b4f765a222f5befd9c245abd5927c6 121034 utils optional
giflib-tools_5.1.2-0.1_amd64.deb
6d669454a8714a6777f0986ed9020e68 44380 libdevel optional
libgif-dev_5.1.2-0.1_amd64.deb
c5677eb81853eaba7c9855ac86dcf0a4 42030 libs optional
libgif7_5.1.2-0.1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJWmrauAAoJEL1+qmB3j6b1AgkP/1kQdUmmGfv7bRflKPgSqwCg
6m47gpUDnww2PZncXotomhQgI/7hVEP0ExFJ8Ahst2ZsRyVjybc+h6BjqqqETViY
2OBNK7c8jKi8wQQL0A+slphuKr3K/AqiYquU4axAJU84djSfJAo7CHjx9FrVP83z
9FOAVY0lltMwWrq/iJNHMX6e6yzGf/cpN+kzZpi8dwpRRrIV2bW1HwIsk1SnwOlV
IakDe4qRtzTFank4sdcBdE97M/KWQ2IzSNG6XKSQxTwLo+g5niREewK1yYKg4Pbl
TqcWyvSi7hIzZ79Cln0TwCy+cBDo6i1wfFcOjYAHtZzZ1W76/I4U5m9cALoG3ZzD
uWdHzwH86+Bj1YoQ6wghEhD2WGv2+nkn6WToAMSKMuOH4A5DuaA3JnUb6ckaN0Jc
IzkdjLqxoiPAa0A3MQj5H8fqAuaDrThMqps02X7cMR2XyygsOTn1Ao59TEjLFsc/
5FjtBlOByIN4HbNfUyjd30vIl3UUjPJIYcsWxPjZyfMF13VOe1AnaWiG7KyU8GBc
adjSBRWRyUOtFAL30HQiclALX1HHP7iO1LTQ+G8XpAkxQWi+IREorrilmO7MkNhA
B9RbB9jK8GLsFcb4PN/5f+hHmszmvT4J0OFQ21P0RJs9WdkJF4OuleXsbC4xyrOV
usAQKrvGhfzNmrqCbcXt
=ZlO/
-----END PGP SIGNATURE-----
--- End Message ---
