[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#904114: marked as done (CVE-2018-11490)

Your message dated Fri, 13 Dec 2019 03:04:15 +0000
with message-id <E1ifbFX-0007PM-1O@fasolo.debian.org>
and subject line Bug#904114: fixed in giflib 5.1.9-1
has caused the Debian Bug report #904114,
regarding CVE-2018-11490
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
904114: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904114
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: giflib
Severity: important
Tags: security

https://sourceforge.net/p/giflib/bugs/113/

--- End Message ---
--- Begin Message --- 
Source: giflib
Source-Version: 5.1.9-1

We believe that the bug you reported is fixed in the latest version of
giflib, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 904114@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
David Suárez <david.sephirot@gmail.com> (supplier of updated giflib package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 08 Dec 2019 21:18:23 +0100
Source: giflib
Architecture: source
Version: 5.1.9-1
Distribution: unstable
Urgency: medium
Maintainer: David Suárez <david.sephirot@gmail.com>
Changed-By: David Suárez <david.sephirot@gmail.com>
Closes: 834410 904113 904114
Changes:
 giflib (5.1.9-1) unstable; urgency=medium
 .
   [ Ondřej Nový ]
   * d/watch: Use https protocol.
 .
   [ Andreas Metzler ]
   * AUTHORS file not shipped anymore, update debian/*.docs.
   * Uses straight make instead of autotools, adapt debian/rules accordingly.
   * Use dh 12 compat level.
   + Update debian/copyright, add Format specifier.
 .
   [ David Suárez ]
   * New upstream version:
     - Add myself as maintainer; Closes: #834410.
     - Fixes heap-based buffer overflow in DGifDecompressLine function.
         CVE-2018-11490 sf#113; Closes: #904114
     - Fixes MemorySanitizer: FPE on unknown address;
         CVE-2019-15133 sf#119: Closes: #904113
   * Acknowledges NMU's uploads.
   * d/watch:
     - Bump version.
     - Don't run uupdate.
     - Don't use debian redirector.
   * d/patches:
     - Drop '03-spelling_fixes.patch' and 'CVE-2016-3977.patch';
         Applied upstream.
     - Add 'install-only-distributed-binaries-manuals' patch.
     - Add 'revert-GifQuantizeBuffer-remove-from-lib' patch.
   * d/rules
     - Don't force the rebuilding of manpages, the clean rule does the job.
     - Remove the txt docs from giflib-tools; Not distributed.
     - Remove 'dh_strip --dbgsym-migration'; Not needed anymore.
     - Set DPKG_GENSYMBOLS_CHECK_LEVEL to 4.
   * giflib-tools.manpages: point to the correct ones.
   * d/control:
     - Add 'Rules-Requires-Root' field.
     - Update Standars version; no changes needed.
     - Change VCS URL's.
   * d/libgif7.symbols:
     - Add 'Build-Depends-Package' field.
     - Update symbols.
   * d/copyright:
     - Remove 'doc/gif87.txt'; Nows not distributed.
     - Add myself on debian/* files.
     - Add 'upstream-{Name,Contact}'.
   * Wrap and sort.
   * Add upstream metadata.
   * Add lintian overrides for some giflib-tools manpages.
   * Add lintian source override for sourceforge redirector.
   * Drop libgif7.shlibs; not needed.
Checksums-Sha1:
 6036be66d93ac908f8f5b04bbb9bb9fe57f9f866 1933 giflib_5.1.9-1.dsc
 d9fc09e943ee20a765fb8541155fd16956b6a2fc 336304 giflib_5.1.9.orig.tar.bz2
 fb9772c533fe8441839fbb567bc078e0a71222e1 8308 giflib_5.1.9-1.debian.tar.xz
 610611cf9d58565c9fff98c0daa3c0cba303e7c1 5765 giflib_5.1.9-1_source.buildinfo
Checksums-Sha256:
 1d694ffc438056ab3415fa33ab390ef231b1e9943da393b745c9ec1909029e4e 1933 giflib_5.1.9-1.dsc
 292b10b86a87cb05f9dcbe1b6c7b99f3187a106132dd14f1ba79c90f561c3295 336304 giflib_5.1.9.orig.tar.bz2
 fa7d879571e40ecbea6934f0fa3100a7cba0f7313c2de8ff61d62294970ad86d 8308 giflib_5.1.9-1.debian.tar.xz
 390a3d53240ebf75112175bd171fa21e3131430165029d26f2a08dbeebfd847d 5765 giflib_5.1.9-1_source.buildinfo
Files:
 f3e12a7435645c2a2dec229902312403 1933 libs optional giflib_5.1.9-1.dsc
 c1df79d223b10b92f44ca649ef5f1459 336304 libs optional giflib_5.1.9.orig.tar.bz2
 1451e6d081dc7daf44e13cb1f9c7d896 8308 libs optional giflib_5.1.9-1.debian.tar.xz
 730b84348094177beedc150d786ecb21 5765 libs optional giflib_5.1.9-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEkjZVexcMh/iCHArDweDZLphvfH4FAl3y+D0ACgkQweDZLphv
fH4w8BAAreV70rCpMPxzCLKZVM9n1NMUl837dtsKA+De9fHGL4AS0+wAEeu1s1NW
g1j4GJcIa2shO85E0GYZPyJouwjF8BQDVLi9n3VBuTggRZTNyV7vU6p0G3QASq1f
QMoOVg611Y+DrHl7ZCF/sXtNH5YOZnIwLosln7q0xUAhYZgxvklMfwWqe6f0ydRe
4J6EmoE8AKvdFNw+P7SvOZ0emgE8Kf8uopDBlmnPw8RWrB9j/Wp1FTILLByfIaPg
eW7hUziJOp+LD6M7QHve+8t64iDJFJkhsAgicfHJmwG/QarTYNCcOVxudXAA4unJ
E/dkNXMIxwwTYvdbAI+K+shRb/z0P2yWkKDmCf7zBZ3ropne0pWBsUDQxk7/Ir0B
Z60GMPA3UH+mzq24TM2hLgoc4GWpKO5ZAWDvNRbPa0BwuIeO6ZKQ48AS4gHQ+Ow4
8fQDqr2CcTPkJh0f4azrnuL7BH7Culw2J13y8M7cXP7mSEu1Upn4lZuYQUCzIL3i
683AQpw/V8H4KR4PScPHfwX4zQc1vccoNjLC7Ztk9ZOcNN4wJM4rK6Ghhcp0caNT
ROZHDfCmRvM49h8np4p8+WWFU4VxcQ17F1/K9iH2ChBdogmunhA6Pf/jw30sMmj5
uLe/CWsNnnFcFMd7j/hJq7XfbpRzJVkIh5J6ZPHnSIWeB7y1NMc=
=j6Wn
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: