Your message dated Sat, 27 Jun 2026 14:32:41 +0000
with message-id <[email protected]>
and subject line Bug#1131368: fixed in giflib 5.2.1-2.5+deb12u1
has caused the Debian Bug report #1131368,
regarding giflib: CVE-2026-26740 buffer overflow vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1131368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131368
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: giflib
Version: 5.2.2-1
The giflib package in Debian trixie appears to be affected by
CVE-2026-26740.
A buffer overflow vulnerability exists in EGifGCBToExtension due to
missing validation when overwriting an existing Graphic Control
Extension block.
Reference:
https://security-tracker.debian.org/tracker/CVE-2026-26740
System details:
Debian trixie
giflib version 5.2.2-1
Please confirm:
* Whether this issue is acknowledged in Debian
* Availability of fixes or updates
Thanks & Regards,
Ayush Prasad
Software Prod & Plat Eng Team Lead
APP Life Sciences – Product Engineering
Advanced Technology Centres India (ATCI)
Mobile +91 9123774187<tel:+919123774187>
[Image]
________________________________
This message is for the designated recipient only and may contain privileged,
proprietary, or otherwise confidential information. If you have received it in
error, please notify the sender immediately and delete the original. Any other
use of the e-mail by you is prohibited. Where allowed by local law, electronic
communications with Accenture and its affiliates, including e-mail and instant
messaging (including content), may be scanned by our systems for the purposes
of information security, AI-powered support capabilities, and assessment of
internal compliance with Accenture policy. Your privacy is important to us.
Accenture uses your personal data only in compliance with data protection laws.
For further information on how Accenture processes your personal data, please
see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________
www.accenture.com
--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 5.2.1-2.5+deb12u1
Done: Tobias Frost <[email protected]>
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Tobias Frost <[email protected]> (supplier of updated giflib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 26 Jun 2026 09:19:21 +0200
Source: giflib
Architecture: source
Version: 5.2.1-2.5+deb12u1
Distribution: bookworm
Urgency: high
Maintainer: David Suárez <[email protected]>
Changed-By: Tobias Frost <[email protected]>
Closes: 1130495 1131368
Changes:
giflib (5.2.1-2.5+deb12u1) bookworm; urgency=high
.
* Non-maintainer upload by the LTS Team
* Enable CI for bookworm, adapt gbp.conf for bookworm.
* Backport fixes for:
- CVE-2026-23868 - double-free vulnerability (Closes: #1130495)
- CVE-2026-26740 - heap OOB write (Closes: #1131368)
Checksums-Sha1:
1eadb1bd3d430295731ed4e724181491f97dcaa3 1965 giflib_5.2.1-2.5+deb12u1.dsc
c3f774dcbdf26afded7788979c8081d33c6426dc 444187 giflib_5.2.1.orig.tar.gz
988ebe42c35c0cac9d36a006fba719b7cc62a702 13712
giflib_5.2.1-2.5+deb12u1.debian.tar.xz
ccca6447afea5be0554f2be6cc12f092c0b44d1c 6370
giflib_5.2.1-2.5+deb12u1_source.buildinfo
Checksums-Sha256:
5206a92fd4a057768f429033a3a80bc1e06453f6c60dfec243d8188fa6ade3f4 1965
giflib_5.2.1-2.5+deb12u1.dsc
31da5562f44c5f15d63340a09a4fd62b48c45620cd302f77a6d9acf0077879bd 444187
giflib_5.2.1.orig.tar.gz
efa4369de943f7918c2b0b049a125268937ab12039ea6ed01d34ab2125def0df 13712
giflib_5.2.1-2.5+deb12u1.debian.tar.xz
b8fe9083b03691b326a7c313f1d570f2f152abccf9fec314a8fae5110273e388 6370
giflib_5.2.1-2.5+deb12u1_source.buildinfo
Files:
34d7940f4c490ce4554a5eec4104e798 1965 libs optional
giflib_5.2.1-2.5+deb12u1.dsc
6f03aee4ebe54ac2cc1ab3e4b0a049e5 444187 libs optional giflib_5.2.1.orig.tar.gz
4d18adf24ab46858613d57a237c98b6f 13712 libs optional
giflib_5.2.1-2.5+deb12u1.debian.tar.xz
bded6f7e35ad16299a30880b807fee95 6370 libs optional
giflib_5.2.1-2.5+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmo+K0wACgkQkWT6HRe9
XTab7RAAx4P2/zreSyDxarMNcmYjXPnB6lV0QTryHRIvaIGiFCGgP1Seu0j7NeVU
LbsK6pnoKXBKARq9+3xqPPgXIXWkuRVdbh2v7thxkaBQXldmqFFRbSDZF9mV5pQq
eAhZAmxkyMyS5+DUgm6AvC6tENJ3H5zqLBi67J/Q7Qs34lqztPy5R4Wj3O3jeCg8
J61qxg4fnq/NpWPMTlf/yudZDORbg7sgbzIX8umBkgqs+YJww3xn+lAsyfaW1t4+
Go7NfiUaYf3Qu9cIvRkSUFw0aeN6eqJPbDMNJnTuFmjDX3WLU+O6hbNMS+/rbf5t
ZfZG0T9Sy44C20lY9Jj5tqzt3DpE34tZm+9hO6rnIZtTj1qnMzyGexKvwGo7AzIN
D1Jujq05dnjZ5UMDtW90BwTGPQyVYcizS5XmoQ1GE9BL/vSPQrisjaza53s/dnG9
H82RggXetZhGNfoPa602ZOMe/dtyDppbZJr54JZ6ksveERqUoFttqHFDfGj84/bT
lKFYKQ1u/Nt1SO02cVVUNXdZW76/ex05kY+Om3lfiskUkR92ZN6Bf5FXvBKUquFl
QctpjsBhXJXhvstQgCdFJI+PnGYMiET6L1c/NmLJm9kRgd/0/uRzIYccPvZoRYiw
WJy3Xv1j3O6YgfxfW6MquQ5DdMo8nMKpbNIX0ZaNFLORYswa+ZQ=
=Dl2E
-----END PGP SIGNATURE-----
pgpEms1e2L4I0.pgp
Description: PGP signature
--- End Message ---