Your message dated Sat, 27 Jun 2026 14:32:41 +0000
with message-id <[email protected]>
and subject line Bug#1131368: fixed in giflib 5.2.1-2.5+deb12u1
has caused the Debian Bug report #1131368,
regarding giflib: CVE-2026-26740
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1131368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131368
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: giflib
Version: 5.2.2-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for giflib.

CVE-2026-26740[0]:
| Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote
| attacker to cause a denial of service via the EGifGCBToExtension
| overwriting an existing Graphic Control Extension block without
| validating its allocated size.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-26740
    https://www.cve.org/CVERecord?id=CVE-2026-26740
[1] 
https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 5.2.1-2.5+deb12u1
Done: Tobias Frost <[email protected]>

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jun 2026 09:19:21 +0200
Source: giflib
Architecture: source
Version: 5.2.1-2.5+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: David Suárez <[email protected]>
Changed-By: Tobias Frost <[email protected]>
Closes: 1130495 1131368
Changes:
 giflib (5.2.1-2.5+deb12u1) bookworm; urgency=high
 .
   * Non-maintainer upload by the LTS Team
   * Enable CI for bookworm, adapt gbp.conf for bookworm.
   * Backport fixes for:
     - CVE-2026-23868 - double-free vulnerability (Closes: #1130495)
     - CVE-2026-26740 - heap OOB write (Closes: #1131368)
Checksums-Sha1:
 1eadb1bd3d430295731ed4e724181491f97dcaa3 1965 giflib_5.2.1-2.5+deb12u1.dsc
 c3f774dcbdf26afded7788979c8081d33c6426dc 444187 giflib_5.2.1.orig.tar.gz
 988ebe42c35c0cac9d36a006fba719b7cc62a702 13712 
giflib_5.2.1-2.5+deb12u1.debian.tar.xz
 ccca6447afea5be0554f2be6cc12f092c0b44d1c 6370 
giflib_5.2.1-2.5+deb12u1_source.buildinfo
Checksums-Sha256:
 5206a92fd4a057768f429033a3a80bc1e06453f6c60dfec243d8188fa6ade3f4 1965 
giflib_5.2.1-2.5+deb12u1.dsc
 31da5562f44c5f15d63340a09a4fd62b48c45620cd302f77a6d9acf0077879bd 444187 
giflib_5.2.1.orig.tar.gz
 efa4369de943f7918c2b0b049a125268937ab12039ea6ed01d34ab2125def0df 13712 
giflib_5.2.1-2.5+deb12u1.debian.tar.xz
 b8fe9083b03691b326a7c313f1d570f2f152abccf9fec314a8fae5110273e388 6370 
giflib_5.2.1-2.5+deb12u1_source.buildinfo
Files:
 34d7940f4c490ce4554a5eec4104e798 1965 libs optional 
giflib_5.2.1-2.5+deb12u1.dsc
 6f03aee4ebe54ac2cc1ab3e4b0a049e5 444187 libs optional giflib_5.2.1.orig.tar.gz
 4d18adf24ab46858613d57a237c98b6f 13712 libs optional 
giflib_5.2.1-2.5+deb12u1.debian.tar.xz
 bded6f7e35ad16299a30880b807fee95 6370 libs optional 
giflib_5.2.1-2.5+deb12u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmo+K0wACgkQkWT6HRe9
XTab7RAAx4P2/zreSyDxarMNcmYjXPnB6lV0QTryHRIvaIGiFCGgP1Seu0j7NeVU
LbsK6pnoKXBKARq9+3xqPPgXIXWkuRVdbh2v7thxkaBQXldmqFFRbSDZF9mV5pQq
eAhZAmxkyMyS5+DUgm6AvC6tENJ3H5zqLBi67J/Q7Qs34lqztPy5R4Wj3O3jeCg8
J61qxg4fnq/NpWPMTlf/yudZDORbg7sgbzIX8umBkgqs+YJww3xn+lAsyfaW1t4+
Go7NfiUaYf3Qu9cIvRkSUFw0aeN6eqJPbDMNJnTuFmjDX3WLU+O6hbNMS+/rbf5t
ZfZG0T9Sy44C20lY9Jj5tqzt3DpE34tZm+9hO6rnIZtTj1qnMzyGexKvwGo7AzIN
D1Jujq05dnjZ5UMDtW90BwTGPQyVYcizS5XmoQ1GE9BL/vSPQrisjaza53s/dnG9
H82RggXetZhGNfoPa602ZOMe/dtyDppbZJr54JZ6ksveERqUoFttqHFDfGj84/bT
lKFYKQ1u/Nt1SO02cVVUNXdZW76/ex05kY+Om3lfiskUkR92ZN6Bf5FXvBKUquFl
QctpjsBhXJXhvstQgCdFJI+PnGYMiET6L1c/NmLJm9kRgd/0/uRzIYccPvZoRYiw
WJy3Xv1j3O6YgfxfW6MquQ5DdMo8nMKpbNIX0ZaNFLORYswa+ZQ=
=Dl2E
-----END PGP SIGNATURE-----

Attachment: pgphpW0emsF1s.pgp
Description: PGP signature


--- End Message ---

Reply via email to