Your message dated Tue, 26 Jan 2016 21:47:39 +0000
with message-id <[email protected]>
and subject line Bug#808704: fixed in giflib 4.1.6-10+deb7u1
has caused the Debian Bug report #808704,
regarding giflib: CVE-2015-7555: Heap-based buffer overflow in giffix utility
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
808704: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808704
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: giflib
Version: 5.1.1-0.2
Severity: important
Tags: security upstream
Hi,
the following vulnerability was published for giflib.
CVE-2015-7555[0]:
Heap-based buffer overflow in giffix utility
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-7555
[1] https://marc.info/?l=full-disclosure&m=145071139902501&w=2
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 4.1.6-10+deb7u1
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Guido Günther <[email protected]> (supplier of updated giflib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 22 Jan 2016 19:03:38 +0100
Source: giflib
Binary: giflib-dbg giflib-tools libgif4 libgif-dev
Architecture: source amd64
Version: 4.1.6-10+deb7u1
Distribution: wheezy
Urgency: medium
Maintainer: Thibaut Gridel <[email protected]>
Changed-By: Guido Günther <[email protected]>
Description:
giflib-dbg - library for GIF images (debug)
giflib-tools - library for GIF images (utilities)
libgif-dev - library for GIF images (development)
libgif4 - library for GIF images (library)
Closes: 808704
Changes:
giflib (4.1.6-10+deb7u1) wheezy; urgency=medium
.
* Non-maintainer upload by the LTS Team.
* CVE-2015-7555: bail out if Width > SWidth.
Cherry-picked upstream commit 179510be300bf11115e37528d79619b53c884a63
(Closes: #808704)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---
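The changelog entry above describes the fix as bailing out when the image Width exceeds the screen width SWidth. The C code below is an added illustration of that check, not giflib's code or the Debian patch. It assumes a row buffer sized from the screen width and a GIF with no extension blocks before the first image; the function names, status codes and sample bytes are constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum { GIF_OK = 0, GIF_TRUNCATED = -1, GIF_BAD_FORMAT = -2, GIF_TOO_WIDE = -3, GIF_NO_MEM = -4 };
/* Constructed samples: signature, screen descriptor (4x2, no colour table), image descriptor. */
static const uint8_t SAMPLE_OK[]   = { 'G','I','F','8','9','a', 4,0, 2,0, 0,0,0, 0x2C, 0,0, 0,0, 4,0, 2,0, 0 };
static const uint8_t SAMPLE_WIDE[] = { 'G','I','F','8','9','a', 4,0, 2,0, 0,0,0, 0x2C, 0,0, 0,0, 9,0, 2,0, 0 };

static unsigned le16(const uint8_t *p) { return (unsigned)p[0] | ((unsigned)p[1] << 8); }

/* Extract the screen width and the first image's width from the raw descriptors. */
int gif_widths(const uint8_t *b, size_t n, unsigned *swidth, unsigned *width)
{
    size_t off = 13;                              /* 6-byte signature + 7-byte screen descriptor */
    if (n < off) return GIF_TRUNCATED;
    if (memcmp(b, "GIF8", 4) != 0) return GIF_BAD_FORMAT;
    *swidth = le16(b + 6);
    if (b[10] & 0x80)                             /* skip the global colour table if present */
        off += 3u << ((b[10] & 7) + 1);
    if (n < off + 10) return GIF_TRUNCATED;
    if (b[off] != 0x2C) return GIF_BAD_FORMAT;    /* image descriptor marker */
    *width = le16(b + off + 5);
    return GIF_OK;
}

/* Allocate a row of SWidth bytes and copy Width pixels into it only if they fit. */
int copy_row_checked(const uint8_t *gif, size_t n, const uint8_t *px, size_t npix, uint8_t **row_out)
{
    unsigned swidth, width;
    int rc = gif_widths(gif, n, &swidth, &width);
    if (rc != GIF_OK) return rc;
    if (width > swidth) return GIF_TOO_WIDE;      /* bail out if Width > SWidth */
    if (npix < width) return GIF_TRUNCATED;       /* caller supplied too few pixels */
    uint8_t *row = calloc(swidth ? swidth : 1, 1);
    if (!row) return GIF_NO_MEM;
    memcpy(row, px, width);                       /* safe: width <= swidth here */
    *row_out = row;
    return GIF_OK;
}

int main(void)
{
    const uint8_t px[4] = { 1, 2, 3, 4 };
    uint8_t *row = NULL;
    int wide = copy_row_checked(SAMPLE_WIDE, sizeof SAMPLE_WIDE, px, sizeof px, &row);
    int ok = copy_row_checked(SAMPLE_OK, sizeof SAMPLE_OK, px, sizeof px, &row);
    free(row);
    return !(ok == GIF_OK && wide == GIF_TOO_WIDE);   /* exit 0 when both behave as expected */
}
```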