Bug#904114: marked as done (CVE-2018-11490)

["Debian Bug Tracking System" <owner@bugs.debian.org>]

Your message dated Sun, 17 Mar 2019 13:04:04 +0000
with message-id <E1h5VSO-00063p-9j@fasolo.debian.org>
and subject line Bug#904114: fixed in giflib 5.1.7-1
has caused the Debian Bug report #904114,
regarding CVE-2018-11490
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
904114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904114
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: CVE-2018-11490
• From: Moritz Muehlenhoff <jmm@debian.org>
• Date: Thu, 19 Jul 2018 23:38:01 +0200
• Message-id: <153203628180.1614.6974379506490868294.reportbug@hullmann.westfalen.local>

Source: giflib
Severity: important
Tags: security

https://sourceforge.net/p/giflib/bugs/113/

--- End Message ---

--- Begin Message ---

• To: 904114-close@bugs.debian.org
• Subject: Bug#904114: fixed in giflib 5.1.7-1
• From: Andreas Metzler <ametzler@debian.org>
• Date: Sun, 17 Mar 2019 13:04:04 +0000
• Message-id: <E1h5VSO-00063p-9j@fasolo.debian.org>

Source: giflib
Source-Version: 5.1.7-1

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 904114@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametzler@debian.org> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 17 Mar 2019 13:40:22 +0100
Source: giflib
Architecture: source
Version: 5.1.7-1
Distribution: experimental
Urgency: low
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Andreas Metzler <ametzler@debian.org>
Closes: 904114
Changes:
 giflib (5.1.7-1) experimental; urgency=low
 .
   * QA upload.
 .
   [ Ondřej Nový ]
   * d/watch: Use https protocol
 .
   [ Andreas Metzler ]
   * New upstream version:
     + Refresh 03-spelling_fixes.patch.
     + Drop CVE-2016-3977.patch, included upstream.
     + AUTHORS file not shipped anymore, update debian/*.docs.
     + Uses straight make instead of autotools, adapt debian/rules accordingly.
     + 20_giflib_soname.patch from Fedora: Set soname on built library.
     + Update symbol file.
     + Fixes heap-based buffer overflow in DGifDecompressLine function.
       CVE-2018-11490 sf#113 Closes: #904114
     + Update debian/copyright, add Format specifier.
   * [lintian] Add Build-Depends-Package info to symbol file.
   * Use dh 12 compat level.
   * Add 25_giflib_mandir.patch to fix the manpage install path and ship the
     installed manpages.
   * Set Rules-Requires-Root: no.
   * 30_link_utils_dynamically.diff: Link giflib-tools dynamically instead of
     statically against giflib.
   * Delete debian/libgif7.shlibs (Unused, we have a symbol file) and
     debian/giflib-dbg.docs.
   * debian/copyright: More maintainer history/copyright, assuming NMUs did not
     feature big copyrightable changes.
Checksums-Sha1: 
 0490f88c826634dfb54587b0315186ab9ff0ba1e 1922 giflib_5.1.7-1.dsc
 86a005d2f14c8384333984bc18265e322a35ac2d 391525 giflib_5.1.7.orig.tar.gz
 50bdb1135afb6fc63f139229540e6741432fc956 8996 giflib_5.1.7-1.debian.tar.xz
Checksums-Sha256: 
 19645c5615fd9a0ffe30c529eb36d10cebb030ef356fc6fc7ab5e434d997d91f 1922 giflib_5.1.7-1.dsc
 94096e4f43fd06071bbb4a6827a9ab4eeff52036adb662f329ffc7c1d198436d 391525 giflib_5.1.7.orig.tar.gz
 f885b3ba627fc46bc4e7998cde9a30cbe9df09cf86535d74ff20106ddd796365 8996 giflib_5.1.7-1.debian.tar.xz
Files: 
 2cae2058415d36e16200763bbe21950d 1922 libs optional giflib_5.1.7-1.dsc
 5739b3a75fff3fe7b9419f15bc040703 391525 libs optional giflib_5.1.7.orig.tar.gz
 a74bf49fad16dec012d54d3f003251aa 8996 libs optional giflib_5.1.7-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAlyOQxYACgkQpU8BhUOC
FIT4PQ/9GfLRnZDbt0U0VGAdQnNBrt2LsuBK3f3wx+V/ORJ4YrckIOfUF7NEi9x1
kL/Ea86epUgMxUh8y8qSfTS1IXE98QGRhzabb2HXMfVw4cfGHcJCKAsvPOI58SDo
XObeGeW8FG+u+hFVVsjypdl7NpVSDQ+5T4Qgv2Z3gakRXruab2UCM4cMqxrWlHeg
Fe5W7YPO5kHSB9z04DWRjYvbQIuz9CYiVe7m9v2zv+fu/jsE9CgOgzmz29QY+SF4
dInCwTNU+WlL/ClqKvWEm5gLLtK9laQNdQN9QfPEvHlFhUOk9m7HtT3iLhOKOdUa
8WoIAeaL++7zajqNxpt8TXqZR2uL75WoVki+7peKc4/HvEzjoF09ZdJnp1N5Ojqx
n6ZKjs9nV8/VAn3E2uWDIxPGAfNm/i+IehVIuWVeQc6IMEJpfT5LmlZO9kWDMbnS
C9stKbJDHOw58BUaSZkp+lSEfxLmRU5xt8BUZXqe9n6AjwBz9hQDDhcXDeRnULah
7mWdv0CHUNqQ4nXYI/1dorM7Zx84ZaxQNb3420RBcVw9LEx4ziLnyd/h5awGvTgx
i/MK2Penjq3G5kFIcu/PeUzqD96J+8uMkojF3kbhmH7TAMsvZVXPIolHCGwAhQtJ
BI/9FTk9FQ6xQV17JwWEzPytX2UdzNudfcF7vnLofujJWkdL5ks=
=sNFP
-----END PGP SIGNATURE-----

--- End Message ---