Your message dated Tue, 05 Jun 2018 19:19:54 +0000 with message-id <e1fqhuo-00059t...@fasolo.debian.org> and subject line Bug#820526: fixed in giflib 5.1.4-3 has caused the Debian Bug report #820526, regarding giflib: CVE-2016-3977: gif2rgb: heap buffer overflow to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 820526: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820526 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: giflib Version: 4.1.6-10 Severity: important Tags: security upstream patch fixed-upstream Forwarded: https://sourceforge.net/p/giflib/bugs/87/ Hi, the following vulnerability was published for giflib. CVE-2016-3977[0]: gif2rgb: heap buffer overflow If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-3977 [1] https://sourceforge.net/p/giflib/bugs/87/ [2] https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/ Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: giflib Source-Version: 5.1.4-3 We believe that the bug you reported is fixed in the latest version of giflib, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 820...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated giflib package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 05 Jun 2018 20:58:51 +0200 Source: giflib Binary: giflib-tools libgif7 libgif-dev Architecture: source Version: 5.1.4-3 Distribution: unstable Urgency: medium Maintainer: Debian QA Group <packa...@qa.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Closes: 820526 Description: giflib-tools - library for GIF images (utilities) libgif-dev - library for GIF images (development) libgif7 - library for GIF images (library) Changes: giflib (5.1.4-3) unstable; urgency=medium . * QA upload. * Heap-based buffer overflow in util/gif2rgb.c (CVE-2016-3977) (Closes: #820526) Checksums-Sha1: 0cb4fc81494d6a967388b7dc927cb72093649588 2074 giflib_5.1.4-3.dsc c9912614f84878a8b3ec8c3584e7c8226f902cb1 7664 giflib_5.1.4-3.debian.tar.xz Checksums-Sha256: f138ee9a50c93aa7b9a1417d818175409a429b8abe3f12465d8738d80033fc13 2074 giflib_5.1.4-3.dsc 767ea03c1948fa203626107ead3d8b08687a3478d6fbe4690986d545fb1d60bf 7664 giflib_5.1.4-3.debian.tar.xz Files: aaf6d4be6e91fd8efc520e618ce35a77 2074 libs optional giflib_5.1.4-3.dsc fa0628a55c299e01bcf103201dccef19 7664 libs optional giflib_5.1.4-3.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlsW3mpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EBe8P+wROu2HMtHhO5fKaA5Ae+GkkxWK0kHjV ZH0saS/dNV+4wzAtSCDogLGfseukN0Tl+W+dsqJRgicwEyyZhlbnNnUzvenpye+W IhFykoC9gy5A/BZ+9IuWbQkgi5HMbVDrya6d8pBbH162OwnPpcst8cpDF8diaHYs ZqP9XcpepRHxKw8ePlif/Hm06wDCt68n8+8sgfP7/nXzaI2BeUT0b22fKCMnklCO wr0kMbb55+eW+bGr68B2dRgL8mSW72iNws9WstYul8W4Lmb6IicLLsbyBP4WYmvj mbRbGWcbXnzfc5IAeSsBwPdMHXXW/tZxPBkvUHXvYow/M9Cy+nuStkuFWBxkNjXJ 8W1lZV0VpIx+xVrgyFRNq+mE4FgoDhTAwvHMCm37tCUBf39nmmdLn+r/pxZcPBOr 70GDUSJPauB0KgFVQT4EFHi/dTltOfPsKRPodT6rNTMjDnnJmXQ9uoZYc+OwNVkB 5rYo18ABPWyJTDuhB0noBwzAsIrp3i8VdkGdK/523LWBM9uOvMLA/JpkoMl13UQx zgYZQ0irQPtmyC8LEA31WFUOaA6cqVw7Fus5XelKudUSC7qPAzEwyUcFat4dqsVa Pc/rTzlpb2PK3ivmo3/ltNVThV4j8vYLie6CGI8Ckx1GeePh9LCan/pn2IaKHKvX 89a+bUWXmsJw =INJ+ -----END PGP SIGNATURE-----
--- End Message ---
