Debian Package Tracker

general

source: giflib (main)
version: 5.1.4-3
maintainer: Debian QA Group [DMD]
arch: any
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 4.1.6-10+deb7u1
oldstable: 4.1.6-11+deb8u1
stable: 5.1.4-0.4
testing: 5.1.4-3
unstable: 5.1.4-3

versioned links

4.1.6-10+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.1.6-11+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.4-0.4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
5.1.4-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

giflib-tools
libgif-dev
libgif7

action needed

2 security issues in sid high

There are 2 open security issues in sid.

2 important issues:

CVE-2018-11489: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Please fix them.

Created: 2018-05-29 Last update: 2018-07-27 14:12

2 security issues in buster high

There are 2 open security issues in buster.

2 important issues:

CVE-2018-11489: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Please fix them.

Created: 2018-05-29 Last update: 2018-07-27 14:12

Multiarch hinter reports 1 issue(s) normal

There are issues with the multiarch metadata for this package.

libgif-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2018-12-14 21:26

1 new commit since last upload, time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 5.1.4-4, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 14e4082b1e78c138a5b36e9219f338741cbfd397
Author: Ondřej Nový <onovy@debian.org>
Date:   Mon Oct 1 10:23:15 2018 +0200

    d/watch: Use https protocol

Created: 2018-10-01 Last update: 2018-12-14 05:43

O: This package has been orphaned and needs a maintainer. normal

This package has been orphaned. This means that it does not have a real maintainer at the moment. Please consider adopting this package if you are interested in it. Please see bug number #834410 for more information.

Created: 2017-12-02 Last update: 2017-12-02 00:26

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

TEMP-0820594-BC6826:
CVE-2018-11489: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2016-3977: Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Please fix them.

Created: 2015-12-21 Last update: 2018-07-27 14:12

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-11489: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index is not checked. This will lead to a denial of service or possibly unspecified other impact.
CVE-2016-3977: Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib 5.1.2 allows remote attackers to cause a denial of service (application crash) via the background color index in a GIF file.
CVE-2018-11490: The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode - 2" array index is not checked. This will lead to a denial of service or possibly unspecified other impact.

Please fix them.

Created: 2018-05-29 Last update: 2018-07-27 14:12

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.2.1 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-08-26 08:16

news

[rss feed]

[2018-06-11] giflib 5.1.4-3 MIGRATED to testing (Debian testing watch)
[2018-06-05] Accepted giflib 5.1.4-3 (source) into unstable (Salvatore Bonaccorso)
[2018-02-22] giflib 5.1.4-2 MIGRATED to testing (Debian testing watch)
[2018-02-22] giflib 5.1.4-2 MIGRATED to testing (Debian testing watch)
[2018-02-11] Accepted giflib 5.1.4-2 (source) into unstable (Andreas Metzler)
[2017-08-12] giflib 5.1.4-1 MIGRATED to testing (Debian testing watch)
[2017-08-01] Accepted giflib 5.1.4-1 (source) into unstable (Andreas Metzler)
[2016-10-31] giflib 5.1.4-0.4 MIGRATED to testing (Debian testing watch)
[2016-10-25] Accepted giflib 5.1.4-0.4 (source amd64) into unstable (Paolo Greppi) (signed by: Yaroslav Halchenko)
[2016-06-16] giflib 5.1.4-0.3 MIGRATED to testing (Debian testing watch)
[2016-06-10] Accepted giflib 5.1.4-0.3 (source amd64) into unstable (Matthias Klose)
[2016-05-14] giflib 5.1.4-0.2 MIGRATED to testing (Debian testing watch)
[2016-05-08] Accepted giflib 5.1.4-0.2 (source amd64) into unstable (Matthias Klose)
[2016-05-01] giflib 5.1.4-0.1 MIGRATED to testing (Debian testing watch)
[2016-04-25] Accepted giflib 5.1.4-0.1 (source amd64) into unstable (Matthias Klose)
[2016-04-21] giflib 5.1.2-0.3 MIGRATED to testing (Debian testing watch)
[2016-04-15] Accepted giflib 5.1.2-0.3 (source) into unstable (Gianfranco Costamagna)
[2016-02-01] giflib 5.1.2-0.2 MIGRATED to testing (Debian testing watch)
[2016-01-27] Accepted giflib 5.1.2-0.2 (source amd64) into unstable (Matthias Klose)
[2016-01-26] Accepted giflib 4.1.6-10+deb7u1 (source amd64) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Guido Günther)
[2016-01-26] Accepted giflib 4.1.6-11+deb8u1 (source) into proposed-updates->stable-new, proposed-updates (Guido Günther)
[2016-01-19] giflib 5.1.2-0.1 MIGRATED to testing (Debian testing watch)
[2016-01-16] Accepted giflib 5.1.2-0.1 (source amd64) into unstable (Matthias Klose)
[2016-01-15] Accepted giflib 4.1.6-9+deb6u1 (source amd64) into squeeze-lts (Guido Günther)
[2015-12-18] giflib 5.1.1-0.2 MIGRATED to testing (Debian testing watch)
[2015-12-12] Accepted giflib 5.1.1-0.2 (source amd64) into unstable (Matthias Klose)
[2015-11-02] Accepted giflib 5.1.1-0.1 (source amd64) into experimental, experimental (Matthias Klose)
[2013-12-19] giflib 4.1.6-11 MIGRATED to testing (Debian testing watch)
[2013-12-07] Accepted giflib 4.1.6-11 (source amd64) (Thibaut Gridel) (signed by: Ana Beatriz Guerrero López)
[2012-11-07] giflib 4.1.6-10 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 10
RC: 0
I&N: 8
M&W: 2
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 5.1.4-3
4 bugs