Your message dated Mon, 26 Feb 2024 18:19:07 +0000
with message-id <[email protected]>
and subject line Bug#1014586: fixed in giflib 5.2.2-1
has caused the Debian Bug report #1014586,
regarding giflib: CVE-2021-40633
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1014586: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014586
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: giflib
X-Debbugs-CC: [email protected]
Severity: normal
Tags: security

Hi,

The following vulnerability was published for giflib.

CVE-2021-40633[0]:
| A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib
| 5.1.4 allows remote attackers to trigger an out of memory exception or
| denial of service via a gif format file.

https://sourceforge.net/p/giflib/bugs/157/

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2021-40633
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40633

Please adjust the affected versions in the BTS as needed.

--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 5.2.2-1
Done: David Suárez <[email protected]>

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Suárez <[email protected]> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 25 Feb 2024 17:44:51 +0000
Source: giflib
Architecture: source
Version: 5.2.2-1
Distribution: unstable
Urgency: medium
Maintainer: David Suárez <[email protected]>
Changed-By: David Suárez <[email protected]>
Closes: 988151 1014586 1024988 1045040 1049653
Changes:
 giflib (5.2.2-1) unstable; urgency=medium
 .
   [ Debian Janitor ]
   * Update standards version to 4.6.1, no changes needed.
   * Remove obsolete fields Contact, Name from debian/upstream/metadata
     (already present in machine-readable debian/copyright).
   * Use secure URI in Homepage field.
 .
   [ Andreas Metzler ]
   * debian/patches:
     + Drop patches applied upstream (fix-get-args-segment-violation.patch
       fix-spelling-errors-on-doc-pages.patch recover-giffilter-docs.patch
       add-gifsponge-docs.patch)
     + Drop superseded patch (install-only-distributed-binaries-manuals.patch).
     + Unfuzz patches
     + Features fixes for CVE-2023-48161, CVE-2022-28506.
   * Cherry-pick Correct-document-page-install.patch to install manpages
     instead of xml source.
   * Install giflib.7 manpage.
   * Update symbol file (added DGifDecreaseImageCounter@Base).
   * Cherry-pick Clean-up-memory-better-at-end-of-run-CVE-2021-40633.patch to
     fix CVE-2021-40633.
   * Add lintian overrides for html files built from xml (source-is-missing).
 .
   [ David Suárez ]
   * New upstream version;
       Closes: #1024988, #988151, #1014586, #1045040, 1049653
   * Update email to debian domain.
   * Wrap and sort.
   * Add 'dont-build-html-pages-images' patch.
   * Acknowledges NMU's uploads.
   * Add 'salsa-ci.yml'.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
