Register | Log in

giflib

Choose email to subscribe with

general

source: giflib (main)
version: 5.2.1-2.5
maintainer: David Suárez (DMD)
arch: any
std-ver: 4.6.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 5.1.4-0.4
oldstable: 5.1.4-3
stable: 5.1.9-2
testing: 5.2.1-2.5
unstable: 5.2.1-2.5

versioned links

5.1.4-0.4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.4-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.9-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.2.1-2.5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

giflib-tools (1 bugs: 0, 1, 0, 0)
libgif-dev
libgif7

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-11489: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2020-23922: An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

Created: 2022-07-04 Last update: 2022-08-01 13:40

2 security issues in bookworm high

There are 2 open security issues in bookworm.

2 important issues:

CVE-2018-11489: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2020-23922: An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

Created: 2022-07-04 Last update: 2022-08-01 13:40

lintian reports 15 errors and 2 warnings high

Lintian reports 15 errors and 2 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2022-07-30 Last update: 2022-07-30 12:13

2 low-priority security issues in bullseye low

There are 2 open security issues in bullseye.

2 issues left for the package maintainer to handle:

CVE-2018-11489: (needs triaging) The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2020-23922: (needs triaging) An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read.

You can find information about how to handle these issues in the security team's documentation.

Created: 2022-07-04 Last update: 2022-08-01 13:40

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.6.1 instead of 4.6.0).

Created: 2022-05-11 Last update: 2022-06-13 01:42

news

[2022-06-18] giflib 5.2.1-2.5 MIGRATED to testing (Debian testing watch)
[2022-06-18] giflib 5.2.1-2.5 MIGRATED to testing (Debian testing watch)
[2022-06-12] Accepted giflib 5.2.1-2.5 (source) into unstable (Graham Inggs)
[2022-05-03] giflib 5.2.1-2.4 MIGRATED to testing (Debian testing watch)
[2022-04-27] Accepted giflib 5.2.1-2.4 (source) into unstable (Mattia Rizzolo)
[2022-04-27] giflib 5.1.9-2.1 MIGRATED to testing (Debian testing watch)
[2022-04-22] Accepted giflib 5.2.1-2.3 (source) into experimental (Vasyl Gello) (signed by: Mattia Rizzolo)
[2022-04-21] Accepted giflib 5.1.9-2.1 (source) into unstable (Vasyl Gello) (signed by: Mattia Rizzolo)
[2022-04-16] Accepted giflib 5.2.1-2.2 (source) into experimental (Mattia Rizzolo)
[2021-06-07] Accepted giflib 5.2.1-2.1 (source) into experimental (Mattia Rizzolo)
[2021-02-02] giflib 5.1.9-2 MIGRATED to testing (Debian testing watch)
[2021-01-27] Accepted giflib 5.1.9-2 (source) into unstable (David Suárez) (signed by: Sam Hartman)
[2019-12-18] giflib 5.1.9-1 MIGRATED to testing (Debian testing watch)
[2019-12-13] Accepted giflib 5.1.9-1 (source) into unstable (David Suárez) (signed by: Adam Borowski)
[2019-08-25] Accepted giflib 5.2.1-2 (source) into experimental (Andreas Metzler)
[2019-08-19] Accepted giflib 5.2.1-1 (source) into experimental (Andreas Metzler)
[2019-03-17] Accepted giflib 5.1.8-1 (source) into experimental (Andreas Metzler)
[2019-03-17] Accepted giflib 5.1.7-1 (source) into experimental (Andreas Metzler)
[2018-06-11] giflib 5.1.4-3 MIGRATED to testing (Debian testing watch)
[2018-06-05] Accepted giflib 5.1.4-3 (source) into unstable (Salvatore Bonaccorso)
[2018-02-22] giflib 5.1.4-2 MIGRATED to testing (Debian testing watch)
[2018-02-11] Accepted giflib 5.1.4-2 (source) into unstable (Andreas Metzler)
[2017-08-12] giflib 5.1.4-1 MIGRATED to testing (Debian testing watch)
[2017-08-01] Accepted giflib 5.1.4-1 (source) into unstable (Andreas Metzler)
[2016-10-31] giflib 5.1.4-0.4 MIGRATED to testing (Debian testing watch)
[2016-10-25] Accepted giflib 5.1.4-0.4 (source amd64) into unstable (Paolo Greppi) (signed by: Yaroslav Halchenko)
[2016-06-16] giflib 5.1.4-0.3 MIGRATED to testing (Debian testing watch)
[2016-06-10] Accepted giflib 5.1.4-0.3 (source amd64) into unstable (Matthias Klose)
[2016-05-14] giflib 5.1.4-0.2 MIGRATED to testing (Debian testing watch)
[2016-05-08] Accepted giflib 5.1.4-0.2 (source amd64) into unstable (Matthias Klose)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 0

links

homepage
lintian (15, 2)
buildd: logs, clang, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.2.1-2.5
5 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing