giflib - Debian Package Tracker

general

source: giflib (main)
version: 6.1.3-1
maintainer: David Suárez (DMD)
arch: any
std-ver: 4.7.4
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.1.9-2
oldstable: 5.2.1-2.5
stable: 5.2.2-1
testing: 6.1.3-1
unstable: 6.1.3-1

versioned links

5.1.9-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.2.1-2.5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.2.2-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
6.1.3-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

giflib-tools (1 bugs: 0, 1, 0, 0)
libgif-dev
libgif7

action needed

Problems while searching for a new upstream version high

uscan had problems while searching for a new upstream version:

failed to parse XML: <dehs>
<errors>Malformed version line: version=5, only 'Version: X' is allowed when using version &amp;gt;= 5</errors>
</dehs>
<package>giflib</package>
<debian-uversion>6.1.3</debian-uversion>
<debian-mangled-uversion>6.1.3</debian-mangled-uversion>
<upstream-version>6.1.3</upstream-version>
<upstream-url>https://qa.debian.org/watch/sf.php/giflib/giflib-6.1.3.tar.gz</upstream-url>
<status>up to date</status>
<warnings>debian/watch version number is unrecognised</warnings>
</dehs>
</dehs>

Created: 2026-03-11 Last update: 2026-06-12 19:31

2 security issues in trixie high

There are 2 open security issues in trixie.

2 important issues:

CVE-2026-23868: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
CVE-2026-26740: Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

Created: 2025-04-08 Last update: 2026-06-07 00:31

2 security issues in bullseye high

There are 2 open security issues in bullseye.

2 important issues:

CVE-2026-23868: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
CVE-2026-26740: Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

Created: 2026-03-12 Last update: 2026-06-07 00:31

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2026-23868: Giflib contains a double-free vulnerability that is the result of a shallow copy in GifMakeSavedImage and incorrect error handling. The conditions needed to trigger this vulnerability are difficult but may be possible.
CVE-2026-26740: Buffer Overflow vulnerability in giflib v.5.2.2 allows a remote attacker to cause a denial of service via the EGifGCBToExtension overwriting an existing Graphic Control Extension block without validating its allocated size.

Created: 2025-04-08 Last update: 2026-06-07 00:31

9 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit 080141c406f1068091de09f1dceea9abb17f9af6
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sun May 31 16:18:05 2026 +0200

    Prepare for release

commit 09a0546e7e9a40d3e838b590a9438b31f76daab7
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sun May 31 15:33:49 2026 +0200

    Add autopkgtest

commit f67eab5a0bcd0219716e2e12c8db9a5c71f8dab4
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sun May 31 14:20:45 2026 +0200

    Add fix-CVE-2026-26740 patch

commit 2bf351c4b672837cedd9310423f14203a16116e5
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sun May 31 13:39:52 2026 +0200

    Improve html docs
    
    - Don't install docs for binaries not distributed
    - Remove doc-base as the index contains references to not installed
      binaries

commit 54fc57d0b645202637551f5fda76dfec6af0e256
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sun May 31 13:36:25 2026 +0200

    Refresh patches

commit 5725fd6dadbff33e931bf74401531dd870186c71
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sun May 31 13:04:19 2026 +0200

    Drop upstream applied patches

commit 37ee63b01d3522feca4b639162c0f6147cb6cd1d
Merge: 6ab977f 1132d97
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sat May 30 20:02:02 2026 +0200

    Update upstream source from tag 'upstream/6.1.3'
    
    Update to upstream version '6.1.3'
    with Debian dir 1c616e045ec8c71d54112ecadc34bf206a0f5585

commit 1132d972a85bf8097c002cfd02238d285603c860
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sat May 30 20:02:01 2026 +0200

    New upstream version 6.1.3

commit 6ab977ff737542c2447ecbff0a6f9565f6f3c40f
Author: David Suárez <david.sephirot@gmail.com>
Date:   Sat May 30 20:01:44 2026 +0200

    Update debian/watch

Created: 2026-05-31 Last update: 2026-06-09 05:01

debian/patches: 1 patch to forward upstream low

Among the 4 debian patches available in version 6.1.3-1 of the package, we noticed the following issues:

1 patch where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.

Created: 2023-02-26 Last update: 2026-06-01 06:01

news

[rss feed]

[2026-06-07] giflib 6.1.3-1 MIGRATED to testing (Debian testing watch)
[2026-05-31] Accepted giflib 6.1.3-1 (source) into unstable (David Suárez) (signed by: David Suárez Rodríguez)
[2024-03-03] giflib 5.2.2-1 MIGRATED to testing (Debian testing watch)
[2024-02-26] Accepted giflib 5.2.2-1 (source) into unstable (David Suárez) (signed by: David Suárez Rodríguez)
[2022-12-05] Accepted giflib 5.1.4-3+deb10u1 (source) into oldstable (Helmut Grohne)
[2022-06-18] giflib 5.2.1-2.5 MIGRATED to testing (Debian testing watch)
[2022-06-18] giflib 5.2.1-2.5 MIGRATED to testing (Debian testing watch)
[2022-06-12] Accepted giflib 5.2.1-2.5 (source) into unstable (Graham Inggs)
[2022-05-03] giflib 5.2.1-2.4 MIGRATED to testing (Debian testing watch)
[2022-04-27] Accepted giflib 5.2.1-2.4 (source) into unstable (Mattia Rizzolo)
[2022-04-27] giflib 5.1.9-2.1 MIGRATED to testing (Debian testing watch)
[2022-04-22] Accepted giflib 5.2.1-2.3 (source) into experimental (Vasyl Gello) (signed by: Mattia Rizzolo)
[2022-04-21] Accepted giflib 5.1.9-2.1 (source) into unstable (Vasyl Gello) (signed by: Mattia Rizzolo)
[2022-04-16] Accepted giflib 5.2.1-2.2 (source) into experimental (Mattia Rizzolo)
[2021-06-07] Accepted giflib 5.2.1-2.1 (source) into experimental (Mattia Rizzolo)
[2021-02-02] giflib 5.1.9-2 MIGRATED to testing (Debian testing watch)
[2021-01-27] Accepted giflib 5.1.9-2 (source) into unstable (David Suárez) (signed by: Sam Hartman)
[2019-12-18] giflib 5.1.9-1 MIGRATED to testing (Debian testing watch)
[2019-12-13] Accepted giflib 5.1.9-1 (source) into unstable (David Suárez) (signed by: Adam Borowski)
[2019-08-25] Accepted giflib 5.2.1-2 (source) into experimental (Andreas Metzler)
[2019-08-19] Accepted giflib 5.2.1-1 (source) into experimental (Andreas Metzler)
[2019-03-17] Accepted giflib 5.1.8-1 (source) into experimental (Andreas Metzler)
[2019-03-17] Accepted giflib 5.1.7-1 (source) into experimental (Andreas Metzler)
[2018-06-11] giflib 5.1.4-3 MIGRATED to testing (Debian testing watch)
[2018-06-05] Accepted giflib 5.1.4-3 (source) into unstable (Salvatore Bonaccorso)
[2018-02-22] giflib 5.1.4-2 MIGRATED to testing (Debian testing watch)
[2018-02-11] Accepted giflib 5.1.4-2 (source) into unstable (Andreas Metzler)
[2017-08-12] giflib 5.1.4-1 MIGRATED to testing (Debian testing watch)
[2017-08-01] Accepted giflib 5.1.4-1 (source) into unstable (Andreas Metzler)
[2016-10-31] giflib 5.1.4-0.4 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 1
RC: 0
I&N: 1
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, reproducibility, cross
popcon
browse source code
other distros
security tracker
debian patches

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.2.2-1ubuntu3
patches for 5.2.2-1ubuntu3