Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
b748dcc5 by Moritz Mühlenhoff at 2026-06-27T23:09:42+02:00
giflib ospu

- - - - -


2 changed files:

- data/CVE/list
- data/next-oldstable-point-update.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -65450,6 +65450,7 @@ CVE-2026-26740 (Buffer Overflow vulnerability in giflib 
v.5.2.2 allows a remote
        {DLA-4650-1}
        - giflib 6.1.3-1 (bug #1131368)
        [trixie] - giflib <no-dsa> (Minor issue)
+       [bookworm] - giflib <no-dsa> (Minor issue)
        NOTE: 
https://github.com/zakkanijia/POC/blob/main/giflib/giftool/giflib_giftool_gce_len_heap_oobwrite_disclosure.md
        NOTE: https://sourceforge.net/p/giflib/bugs/199/
        NOTE: https://sourceforge.net/p/giflib/bugs/201/
@@ -69353,6 +69354,7 @@ CVE-2026-23868 (Giflib contains a double-free 
vulnerability that is the result o
        {DLA-4650-1}
        - giflib 6.1.3-1 (bug #1130495)
        [trixie] - giflib <no-dsa> (Minor issue)
+       [bookworm] - giflib <no-dsa> (Minor issue)
        NOTE: https://www.facebook.com/security/advisories/cve-2026-23868
        NOTE: 
https://sourceforge.net/p/giflib/code/ci/f5b7267aed3665ef025c13823e454170d031c106/tree/gifalloc.c?diff=5146815377b7395944cb683a08c43eee3f631eb7
 CVE-2026-23674 (Improper resolution of path equivalence in Windows 
MapUrlToZone allows ...)


=====================================
data/next-oldstable-point-update.txt
=====================================
@@ -206,3 +206,7 @@ CVE-2026-8177
        [bookworm] - libxml-libxml-perl 2.0207+dfsg+really+2.0134-1+deb12u1
 CVE-2026-34743
        [bookworm] - xz-utils 5.4.1-2+deb12u1
+CVE-2026-26740
+       [bookworm] - giflib 5.2.1-2.5+deb12u1
+CVE-2026-23868
+       [bookworm] - giflib 5.2.1-2.5+deb12u1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b748dcc545be3848962ddfeb69b33b1a7d9e26f9

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b748dcc545be3848962ddfeb69b33b1a7d9e26f9
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to