Bug#395382: giflib3g: Vulnerable to CVE-2005-2974 and CVE-2005-3350

2006-11-03 Thread Kevin B. McCarty
Daniel Baumann wrote:
> giflib 4.x uploaded, replacing giflib 3.x.
> Due to changed binary names, the package has to go through NEW.
>
> For the impatient, the package is also available at
> http://archive.daniel-baumann.ch/debian/packages/giflib/

Hi Daniel,

Do you plan to add dpatch patches 02 and 03 from libungif4 into the
giflib v4 package?  It looks like they could be needed...

I noticed that it's non-trivial to install the libgif4 .deb at the
moment.  It conflicts with libungif4g since the latter ships symlinks of
libgif.so.4 and libgif.so.4.1.4, and just about everything using
libungif.so.4 has a versioned dependency so the Provides doesn't help.
:-(  Guess this won't be possible to fix till after Etch though.  Unless
you're planning to upload a new libungif4g package with those symlinks
removed soon?

best regards,

-- 
Kevin B. McCarty [EMAIL PROTECTED]   Physics Department
WWW: http://www.princeton.edu/~kmccarty/   Princeton University
GPG: public key ID 4F83C751   Princeton, NJ 08544


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Bug#395382: giflib3g: Vulnerable to CVE-2005-2974 and CVE-2005-3350

2006-11-03 Thread Daniel Baumann
Kevin B. McCarty wrote:
> I noticed that it's non-trivial to install the libgif4 .deb at the
> moment.  It conflicts with libungif4g since the latter ships symlinks of
> libgif.so.4 and libgif.so.4.1.4, and just about everything using
> libungif.so.4 has a versioned dependency so the Provides doesn't help.
> :-(  Guess this won't be possible to fix till after Etch though.  Unless
> you're planning to upload a new libungif4g package with those symlinks
> removed soon?

The bottleneck is NEW processing. Once libgif4 is accepted, I'll adjust
both packages to match optimally against each other.

-- 
Address:    Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:      [EMAIL PROTECTED]
Internet:   http://people.panthera-systems.net/~daniel-baumann/





Bug#395382: giflib3g: Vulnerable to CVE-2005-2974 and CVE-2005-3350

2006-11-02 Thread Daniel Baumann
giflib 4.x uploaded, replacing giflib 3.x.
Due to changed binary names, the package has to go through NEW.

For the impatient, the package is also available at
http://archive.daniel-baumann.ch/debian/packages/giflib/

-- 
Address:    Daniel Baumann, Burgunderstrasse 3, CH-4562 Biberist
Email:      [EMAIL PROTECTED]
Internet:   http://people.panthera-systems.net/~daniel-baumann/





Bug#395382: giflib3g: Vulnerable to CVE-2005-2974 and CVE-2005-3350

2006-10-26 Thread Kevin B. McCarty
Package: giflib3g
Version: 3.0-11
Severity: grave
Justification: user security hole

Hello,

It appears that all versions of giflib in Debian (3.0-11 in Sarge,
3.0-12 in Etch/Sid) are vulnerable to CVE-2005-2974 and CVE-2005-3350,
which were fixed for giflib and libungif in version 4.1.4 upstream.
See:

http://packages.debian.org/changelogs/pool/main/libu/libungif4/current/changelog#year2005

I will submit a diff against 3.0-12 for a proposed NMU to this bug as
soon as the BTS gives me a bug number back.

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-3-k7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

regards,

-- 
Kevin B. McCarty [EMAIL PROTECTED]   Physics Department
WWW: http://www.princeton.edu/~kmccarty/   Princeton University
GPG: public key ID 4F83C751   Princeton, NJ 08544

