Your message dated Tue, 26 Jan 2016 21:47:08 +0000
with message-id <[email protected]>
and subject line Bug#808704: fixed in giflib 4.1.6-11+deb8u1
has caused the Debian Bug report #808704,
regarding giflib: CVE-2015-7555: Heap-based buffer overflow in giffix utility
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
808704: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808704
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: giflib
Version: 5.1.1-0.2
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for giflib.
CVE-2015-7555[0]:
Heap-based buffer overflow in giffix utility
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7555
[1] https://marc.info/?l=full-disclosure&m=145071139902501&w=2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 4.1.6-11+deb8u1
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated giflib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 18 Jan 2016 17:08:39 +0100
Source: giflib
Binary: giflib-dbg giflib-tools libgif4 libgif-dev
Architecture: source
Version: 4.1.6-11+deb8u1
Distribution: stable-proposed-updates
Urgency: medium
Maintainer: Thibaut Gridel <[email protected]>
Changed-By: Guido Günther <[email protected]>
Closes: 808704
Description:
giflib-dbg - library for GIF images (debug)
giflib-tools - library for GIF images (utilities)
libgif4 - library for GIF images (library)
libgif-dev - library for GIF images (development)
Changes:
giflib (4.1.6-11+deb8u1) stable-proposed-updates; urgency=medium
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2015-7555: bail out if Width > SWidth.
Cherry-picked upstream commit 179510be300bf11115e37528d79619b53c884a63
(Closes: #808704)
--- End Message ---