Your message dated Sat, 27 Jun 2026 14:32:24 +0000
with message-id <[email protected]>
and subject line Bug#1130495: fixed in giflib 5.2.2-1+deb13u1
has caused the Debian Bug report #1130495,
regarding giflib: CVE-2026-23868
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1130495: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130495
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: giflib
Version: 5.2.2-1
Severity: grave
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for giflib.
CVE-2026-23868[0]:
| Giflib contains a double-free vulnerability that is the result of a
| shallow copy in GifMakeSavedImage and incorrect error handling. The
| conditions needed to trigger this vulnerability are difficult but
| may be possible.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2026-23868
https://www.cve.org/CVERecord?id=CVE-2026-23868
[1] https://www.facebook.com/security/advisories/cve-2026-23868
[2]
https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 5.2.2-1+deb13u1
Done: Moritz Mühlenhoff <[email protected]>
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Moritz Mühlenhoff <[email protected]> (supplier of updated giflib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Jun 2026 17:19:16 +0200
Source: giflib
Architecture: source
Version: 5.2.2-1+deb13u1
Distribution: trixie
Urgency: medium
Maintainer: David Suárez <[email protected]>
Changed-By: Moritz Mühlenhoff <[email protected]>
Closes: 1130495 1131368
Changes:
giflib (5.2.2-1+deb13u1) trixie; urgency=medium
.
* CVE-2026-23868 (Closes: #1130495)
* CVE-2026-26740 (Closes: #1131368)
Checksums-Sha1:
b0dd064ba247b0dffe35594751116be204ab025e 1949 giflib_5.2.2-1+deb13u1.dsc
28f8544869f1f78632cad0896ff531851a368e75 13884
giflib_5.2.2-1+deb13u1.debian.tar.xz
b7abf5ac101c33675fa90ae59cb3113f9fe4e75a 7252
giflib_5.2.2-1+deb13u1_amd64.buildinfo
Checksums-Sha256:
358f5578a56ffa5b9441a50166d648e68a108edbedbb774cc296a15dd55c9fd0 1949
giflib_5.2.2-1+deb13u1.dsc
a246d74352139ceae28e05fd270df6482c98a66357a4e5549f048e6446a246cf 13884
giflib_5.2.2-1+deb13u1.debian.tar.xz
eaeb3ba0ba79e129349f118d2a1fca555847c7de5a7f786293bb00652eb7f7ea 7252
giflib_5.2.2-1+deb13u1_amd64.buildinfo
Files:
2cfcab1f9aee9d12d29eb87bbc35044b 1949 libs optional giflib_5.2.2-1+deb13u1.dsc
c694354dac866dcafcecba52a2f379cd 13884 libs optional
giflib_5.2.2-1+deb13u1.debian.tar.xz
33c86af506863d9c577935c104194bee 7252 libs optional
giflib_5.2.2-1+deb13u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmozCFkACgkQEMKTtsN8
TjZYVg/+MUu/VgxvMl0qR5aLgpOawOz1QhlNQ9Vuwb2wdtXJkHqTZ+PmkogCSbCP
JLDrZb+LNUciwfOY8vVf205TOjqAHEsOcilM2RM6zJ7AyB5CUJGkbtbhmSw1mglq
xSCcMv1lSrV3ygNl4p6T5CEWTnBw36tTQu/OepnCAKH9rM5bW94xMwcXTd66r+an
qKmi74guh40iJ7WCOdJcliFJuR3ymKFap9oZXqSsoc2wzHwfGd+up5Vrs6r6Gcwq
2nbImhulrYuxlOVGTIYhX9+Gpwuijfuee4MbHV+DiV13tSgozH4vMync862ybCFu
nFZ92aikr+aTpj+eNu9kwNYO9nmEJ0krelzzrPaYOiyRoR1LEO4ErUQyuCssvruA
ZGIORfCnThJdNutC3Do25cLVzRqGL2/UGoQ3rAI7sKc5wDvTYheSsYOk79D7fi4Y
yz2j43JnEalV69TlvHRUvfhNZy9EpM0InbqpEmXhYjRCH1SxxIyGqKCK06wxPWPS
aohNE4EgwJBA44AQksL1u0njvUKHqnFFyUO0yw5FPSc2A/iTpZK7kaPzg5JPcU0Q
Ycq1/MFrMqedE1W4BBWJmQZ7Zv8//8amAItahO7Z0Hx5dmYmf5Aw4piYqazU+kfV
pTBahIZlWj91+4bItaIFwrRgHECf/vIYFAFBXVxn4Lp/lC0jidI=
=Renw
-----END PGP SIGNATURE-----
pgpiYWtwyh1Jz.pgp
Description: PGP signature
--- End Message ---