Your message dated Sun, 31 May 2026 15:05:21 +0000
with message-id <[email protected]>
and subject line Bug#1102520: fixed in giflib 6.1.3-1
has caused the Debian Bug report #1102520,
regarding giflib: CVE-2025-31344
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1102520: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1102520
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: giflib
Version: 5.2.2-1
Severity: important
Tags: security upstream
Forwarded: https://sourceforge.net/p/giflib/bugs/176/
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,
The following vulnerability was published for giflib.
* CVE-2025-31344[0].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2025-31344
https://www.cve.org/CVERecord?id=CVE-2025-31344
[1] https://sourceforge.net/p/giflib/bugs/176/
[2] https://www.openwall.com/lists/oss-security/2025/04/07/3
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: giflib
Source-Version: 6.1.3-1
Done: David Suárez <[email protected]>
We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Suárez <[email protected]> (supplier of updated giflib package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 31 May 2026 16:19:21 +0200
Source: giflib
Architecture: source
Version: 6.1.3-1
Distribution: unstable
Urgency: medium
Maintainer: David Suárez <[email protected]>
Changed-By: David Suárez <[email protected]>
Closes: 1068438 1084058 1102520 1130495 1131368
Changes:
giflib (6.1.3-1) unstable; urgency=medium
.
* New upstream version:
- Fix CVE-2026-23868; Closes: #1130495
- Fix CVE-2024-45993; Closes: #1084058
- Fix CVE-2025-31344; Closes: #1102520
- Closes: #1068438
* debian/patches:
- Drop dont-build-html-pages-images patch; Applied upstream.
- Drop Correct-document-page-install patch; Applied upstream.
- Drop revert-GifQuantizeBuffer-remove-from-lib patch;
Applied upstream.
- Drop Clean-up-memory-better-at-end-of-run-CVE-2021-40633 patch;
Applied upstream.
- Refresh giflib_quantize-header patch.
- Refresh dont-spoil-tests-with-stderr patch.
- Add fix-CVE-2026-26740 patch; Closes: #1131368.
* Improve html documentation:
- Nows the install doc rule, installs the html docs.
- Don't install html docs for binaries not distributed.
- Remove doc-base as the index contains references to not
installed binaries.
* Add autopkgtests.
* Remove lintian override for sourceforge, now we use it.
* Update standards version; no changes needed.
Checksums-Sha1:
72ec132a2b543d6cd2e9181ded81a7a59c181dcf 1965 giflib_6.1.3-1.dsc
5bc9aa3e5188d1828b5df8aed81720273952b2d4 470579 giflib_6.1.3.orig.tar.gz
73f1d19a085e428b0b748a7a6642e8706c03e15b 12176 giflib_6.1.3-1.debian.tar.xz
e4ec757b0d9851acdb1b469317ddc5b9c414b97e 7041 giflib_6.1.3-1_amd64.buildinfo
Checksums-Sha256:
5035b192f03b64acb222ca9264c8897861a68fd8f1b4d3e24f278bd00720e9c6 1965
giflib_6.1.3-1.dsc
b65b66b99f0424b93525f987386f22fc5efb9da2bfc92ad4a532249aaffbab0e 470579
giflib_6.1.3.orig.tar.gz
98057467e9a28b0805f60f84fdbbdccaf66b78357c5548bd893db8f6d8e7f7d2 12176
giflib_6.1.3-1.debian.tar.xz
02d04ae515ac5d4bb5bcb2308cbeb2f9b320b38a9dcf879087ce93989289ff1e 7041
giflib_6.1.3-1_amd64.buildinfo
Files:
8db24332416fe2e0680a842c36038410 1965 libs optional giflib_6.1.3-1.dsc
a70e90ff780e9ebee9cb84b82bbd46a7 470579 libs optional giflib_6.1.3.orig.tar.gz
d805eb8a49f6291974f0fcaa7f1fd4fc 12176 libs optional
giflib_6.1.3-1.debian.tar.xz
70044ce832c6727b6f1eaa22d7b02e7f 7041 libs optional
giflib_6.1.3-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCgAuFiEExFAZYDOyRoLv5EydfLboPYYFQjoFAmocR6gQHGRlaXZAZGVi
aWFuLm9yZwAKCRB8tug9hgVCOklnD/42GFGI/bpiJyO4ISH6AVqIbXLGxjZ5p7Ac
SYP5hPaEacE/cop3VTed/wwT/F/I47N3Moqclx6C3Z3idc/oMFaMVX4NYGhE2C3r
q9gEELlEpGFFXNOnAdy09SSCqKoIzSxWwTo+yF4+c0ug+ARh0JzCyVkhaE7XETZs
k8R9O/NgOud/I6MRK4454h56qzMq6peis+5e6KmupB3/Y73Sb/wUcvG7n7entU1f
x5G3qTvyQYV6+F8of315y+voYlq+2E8SshNSAXBjFETEEIoqCbm6AYJnvxwSrs4j
JTWnfPB0uyzLnFPnJMLCbsDAzg1It8wDeIR4Mlf2QtclfRDiNUsjCsmYfjyq/GtS
LxRM1DWFmh+0Hqx5xHBsB3qQeaiDXRhtMEGQ3oHspkZ797pGYvrY3n+27H7y9t6q
mMGXbTJb/mhLhmEVkNCsSjpXHyokivEl54Rr3wMlkERxMY6HulT9n26dQLJR2rnf
xFygkrFXY6fYKKl/UbFUgEFZM9Fhb9kuu1SeVh/4XP9thBKgwCf4tmE3XDxaKVfN
+6b5yKH4X2hPNjesn927afKgcdesfiRjhe3U6w/5gUPTJVdp3hLHOzRGC7UzgqUr
5T930Vv37wEOVas8vL8lgQz1g8elRnFYg5QeaIF+yGvVY+uuESpSVQKDc0hz7bU2
0eQT7YpPQg==
=qLce
-----END PGP SIGNATURE-----
pgpwqPt1sH1yn.pgp
Description: PGP signature
--- End Message ---
