Your message dated Sat, 24 Jun 2023 18:19:09 +0000
with message-id <e1qd7qn-006vth...@fasolo.debian.org>
and subject line Bug#1038976: fixed in gifsicle 1.94-1
has caused the Debian Bug report #1038976,
regarding gifsicle: CVE-2023-36193
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1038976: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1038976
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: gifsicle
Version: 1.93-2
Severity: normal
Tags: security upstream
Forwarded: https://github.com/kohler/gifsicle/issues/191
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerability was published for gifsicle.
CVE-2023-36193[0]:
| Gifsicle v1.9.3 was discovered to contain a heap buffer overflow via
| the ambiguity_error component at /src/clp.c.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-36193
https://www.cve.org/CVERecord?id=CVE-2023-36193
[1] https://github.com/kohler/gifsicle/issues/191
[2]
https://github.com/kohler/gifsicle/commit/e21a05a00855b3e647302f06683aca743ae08deb
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: gifsicle
Source-Version: 1.94-1
Done: Gürkan Myczko <t...@debian.org>
We believe that the bug you reported is fixed in the latest version of
gifsicle, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1038...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Gürkan Myczko <t...@debian.org> (supplier of updated gifsicle package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 24 Jun 2023 19:46:49 +0200
Source: gifsicle
Architecture: source
Version: 1.94-1
Distribution: unstable
Urgency: medium
Maintainer: Gürkan Myczko <t...@debian.org>
Changed-By: Gürkan Myczko <t...@debian.org>
Closes: 1038976
Changes:
gifsicle (1.94-1) unstable; urgency=medium
.
* New upstream version, fixes CVE-2023-36193. (Closes: #1038976)
* Update maintainer email.
* Bump standards version to 4.6.2.
Checksums-Sha1:
01da8b7ca45fa105490fd0bd4f55f52f411a94e4 1927 gifsicle_1.94-1.dsc
9eb1d0587c362c9ec78c0e87b5abe65789428c1a 480324 gifsicle_1.94.orig.tar.gz
98c1ae4a8e9b629bb81703dfd974c1127961cb86 6136 gifsicle_1.94-1.debian.tar.xz
88862c215475c57276e40b6a0c4bc70454e505c9 7096 gifsicle_1.94-1_source.buildinfo
Checksums-Sha256:
120cd9e5fd40b3e63f9c4f93b3475433ffe292360e1f5dbd8c36c085479ecb23 1927
gifsicle_1.94-1.dsc
ed3ae1bcb3e69c172e82963b84c260cb0fab00a3ba3587ea2042af4bbefcce6a 480324
gifsicle_1.94.orig.tar.gz
f7c783313895c666ba8bf177d8f560fdd2430b28a437c2bbe8cf2c9bfb5f6402 6136
gifsicle_1.94-1.debian.tar.xz
7efcf7a1f297e2feb4dbce9aafdc6cf97c213b959e96fe3ff5d66c34a0fa0aa1 7096
gifsicle_1.94-1_source.buildinfo
Files:
164e604db5ac63033ed3b2de39546838 1927 graphics optional gifsicle_1.94-1.dsc
44303cd0eebdc5bc1adfc7b742bce130 480324 graphics optional
gifsicle_1.94.orig.tar.gz
25a54e6d39f70ecdd4c47446aa8d0916 6136 graphics optional
gifsicle_1.94-1.debian.tar.xz
cf888e518bec8fccbb93f95b265420ef 7096 graphics optional
gifsicle_1.94-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtgob82PcExn/Co6JEWhSvN91FcAFAmSXLVEACgkQEWhSvN91
FcBmsA//YykInGbIAn5eQDJahw7YwBBimfCUploz22r0PCu9eQMJ9VKlfvuEwum7
EoxHCswd993mpX8vcdsNJiSokEgTRW/OH8d1vMF60bC4Pq34blz5d88jU941l6bm
q7t9GqNR0DXiOns+sYAYpFzkmcclAoveY1QcvKPydEP8NXiGF8Jy8nF63A82+gQh
ywHNQpuHXxk16i2D2ZLC5lMirvtWGFBx5Qc4DmNwsnuBcmqMZAjvmbEUotMnf9Zo
a5LurCngImZkTSpUPD184MM2hk/S8QyZdjfjdpvJ/wrh2Y7J1CSLyFGx7w/SvW/S
w7f4hw4yDp72L84zulkDqvUdSUdNossX2eOFLABvX+vk+OiwWRrSteR0RQBAu0xY
crOmKbaA/2a4f4HzCOyLtIqdvRcXWhGeagwtI9DkbbFjUYBRHejtWJTaWF9vVm7C
KqW2ftyVWAs5C4vGPijEuAx7jQowFZSNXmQ2ij7ffdLlrxCu4IvwhL34AqpfhAPI
SwSC28yZxVOgrc4g/a+3ossIarovxgUIuSQyDKtvv3jMBXFGhTKNg7RvkUbjshCR
BpbvHTYHHEY3v4/qMjBhT0oi89IULsQ/LDD7fc+dy3sEGV5UzpMknWoy/ToUeIDu
RJxed88tuurT54BC9TNyaBJLsx+Lom00wyskbdX7h5+T9WeHLV4=
=d1EZ
-----END PGP SIGNATURE-----
--- End Message ---
