Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
15314667 by Salvatore Bonaccorso at 2026-05-31T20:37:46+02:00
Track fixed version for giflib issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -45402,7 +45402,7 @@ CVE-2026-26948 (Dell Integrated Dell Remote Access
Controller 9, 14G versions pr
CVE-2026-26945 (Dell Integrated Dell Remote Access Controller 9, 14G versions
prior to ...)
NOT-FOR-US: Dell / EMC
CVE-2026-26740 (Buffer Overflow vulnerability in giflib v.5.2.2 allows a
remote attack ...)
- - giflib <unfixed> (bug #1131368)
+ - giflib 6.1.3-1 (bug #1131368)
NOTE:
https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md
NOTE: https://sourceforge.net/p/giflib/bugs/199/
CVE-2026-25449 (Deserialization of Untrusted Data vulnerability in shinetheme
Traveler ...)
@@ -49289,7 +49289,7 @@ CVE-2026-23907 (This issue affects the
ExtractEmbeddedFiles example inApache PD
NOTE: Examples are not shipped in the Debian package
NOTE: https://lists.apache.org/thread/gyfq5tcrxfv7rx0z2yyx4hb3h53ndffw
CVE-2026-23868 (Giflib contains a double-free vulnerability that is the result
of a sh ...)
- - giflib <unfixed> (bug #1130495)
+ - giflib 6.1.3-1 (bug #1130495)
NOTE: https://www.facebook.com/security/advisories/cve-2026-23868
NOTE:
https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
CVE-2026-23674 (Improper resolution of path equivalence in Windows
MapUrlToZone allows ...)
@@ -169383,7 +169383,7 @@ CVE-2025-31672 (Improper Input Validation
vulnerability in Apache POI. The issue
NOTE: https://www.openwall.com/lists/oss-security/2025/04/08/2
NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=69620
CVE-2025-31344 (Heap-based Buffer Overflow vulnerability in openEuler giflib
on Linux. ...)
- - giflib <unfixed> (bug #1102520; unimportant)
+ - giflib 6.1.3-1 (bug #1102520; unimportant)
NOTE: https://www.openwall.com/lists/oss-security/2025/04/07/3
NOTE: https://sourceforge.net/p/giflib/bugs/176/
NOTE: Fixed by:
https://sourceforge.net/p/giflib/code/ci/7bbe8ea1a595bb7509ffa0a86b076e9b720e85af/
(6.1.1)
@@ -229303,7 +229303,7 @@ CVE-2024-46293 (Sourcecodester Online Medicine
Ordering System 1.0 is vulnerable
CVE-2024-46280 (PIX-LINK LV-WR22 RE3002-P1-01_V117.0 is vulnerable to Improper
Access ...)
NOT-FOR-US: PIX-LINK
CVE-2024-45993 (Giflib Project v5.2.2 is vulnerable to a heap buffer overflow
via gif2 ...)
- - giflib <unfixed> (bug #1084058; unimportant)
+ - giflib 6.1.3-1 (bug #1084058; unimportant)
NOTE: https://gitlab.com/mthandazo/project-pov
NOTE: Crash in CLI tool, no security impact
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1231189#c1
@@ -468429,7 +468429,7 @@ CVE-2021-40635 (OS4ED openSIS 8.0 is affected by SQL
injection in ChooseCpSearch
CVE-2021-40634
RESERVED
CVE-2021-40633 (A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in
giflib 5 ...)
- - giflib 5.2.2-1 (unimportant; bug #1014586)
+ - giflib 6.1.3-1 (unimportant; bug #1014586)
NOTE: https://sourceforge.net/p/giflib/bugs/157/
NOTE: Specific to gif2rgb. Crash in CLI tool, no security impact
CVE-2021-40632
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15314667e36f554b73ac995027324baf67db0fa8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/15314667e36f554b73ac995027324baf67db0fa8
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
